drbd: Work on permission enforcement
Now that we have the capabilities of the sending process available, use them to enforce CAP_SYS_ADMIN. Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
parent
25d2d4edfa
commit
9f5180e5c3
@ -2000,7 +2000,7 @@ static struct cn_handler_struct cnd_table[] = {
|
||||
[ P_new_c_uuid ] = { &drbd_nl_new_c_uuid, 0 },
|
||||
};
|
||||
|
||||
static void drbd_connector_callback(struct cn_msg *req)
|
||||
static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms *nsp)
|
||||
{
|
||||
struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data;
|
||||
struct cn_handler_struct *cm;
|
||||
@ -2017,6 +2017,11 @@ static void drbd_connector_callback(struct cn_msg *req)
|
||||
return;
|
||||
}
|
||||
|
||||
if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) {
|
||||
retcode = ERR_PERM;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
mdev = ensure_mdev(nlp);
|
||||
if (!mdev) {
|
||||
retcode = ERR_MINOR_INVALID;
|
||||
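Review bot: The `goto fail` added under `if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))` is taken before `mdev = ensure_mdev(nlp)` has run, and the `fail` label lies outside the visible hunks, so it is worth confirming that path only sends the reply with `retcode` and never dereferences `mdev`. The branch ending in `return;` just above still executes for senders without CAP_SYS_ADMIN; if it has side effects, the capability test belongs ahead of it. I would also add a comment on the check, for example `/* sender's caps were captured with the message; capable() would test the wrong context here */`, if that is indeed why `nsp->eff_cap` is used. A rate-limited log line on the ERR_PERM path would give operators a trace of rejected configuration attempts.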
|
@ -138,6 +138,7 @@ enum drbd_ret_codes {
|
||||
ERR_VERIFY_RUNNING = 149, /* DRBD 8.2 only */
|
||||
ERR_DATA_NOT_CURRENT = 150,
|
||||
ERR_CONNECTED = 151, /* DRBD 8.3 only */
|
||||
ERR_PERM = 152,
|
||||
|
||||
/* insert new ones above this line */
|
||||
AFTER_LAST_ERR_CODE
|
||||
|