Make sure only root in guests can write to /proc.

author Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>

Fri, 9 Jan 2009 20:35:45 +0000 (20:35 +0000)

committer Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>

Fri, 9 Jan 2009 20:35:45 +0000 (20:35 +0000)
author Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>
Fri, 9 Jan 2009 20:35:45 +0000 (20:35 +0000)
committer Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>
Fri, 9 Jan 2009 20:35:45 +0000 (20:35 +0000)
diff --git a/linux-2.6-700-fperm.patch b/linux-2.6-700-fperm.patch

index 50bdfd2..cd6669f 100644 (file)
--- a/linux-2.6-700-fperm.patch
+++ b/linux-2.6-700-fperm.patch
@@ -82,7 +82,7 @@ diff -Nurp linux-2.6.22-690/fs/namei.c linux-2.6.22-700/fs/namei.c
  +
  +                      if (vx_check(0, VS_ADMIN | VS_WATCH_P) ||
  +                          vx_flags(VXF_STATE_SETUP, 0) ||
-+                          vx_ccaps(VXC_PROC_WRITE))
++                          vx_capable(CAP_SYS_ADMIN, VXC_PROC_WRITE))
  +                              return 0;
  +
  +                      pid = PROC_I(inode)->pid;
author	Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>
	Fri, 9 Jan 2009 20:35:45 +0000 (20:35 +0000)
committer	Daniel Hokka Zakrisson <dhokka@cs.princeton.edu>
	Fri, 9 Jan 2009 20:35:45 +0000 (20:35 +0000)