Commit 9f5180e5 authored by Philipp Reisner, committed by Jens Axboe

drbd: Work on permission enforcement



Now that the capabilities of the sending process are available,
use them to enforce CAP_SYS_ADMIN.

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
parent 25d2d4ed
+6 −1
@@ -2000,7 +2000,7 @@ static struct cn_handler_struct cnd_table[] = {
	[ P_new_c_uuid ]	= { &drbd_nl_new_c_uuid,	0 },
};

static void drbd_connector_callback(struct cn_msg *req)
static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms *nsp)
{
	struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data;
	struct cn_handler_struct *cm;
@@ -2017,6 +2017,11 @@ static void drbd_connector_callback(struct cn_msg *req)
		return;
	}

	if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) {
		retcode = ERR_PERM;
		goto fail;
	}

	mdev = ensure_mdev(nlp);
	if (!mdev) {
		retcode = ERR_MINOR_INVALID;
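Review bot: The permission check added in the second hunk dereferences `nsp` without a guard and treats `nsp->eff_cap` as the sender's capability set, but nothing in the visible lines documents where that value is recorded or that `nsp` can never be NULL. I would add a comment above the check, for example `/* eff_cap: sender's effective capabilities as recorded with the netlink message; nsp is always supplied by the connector core */`, once both statements have been confirmed against the connector code. As far as the hunk shows, the check applies to every request regardless of packet type, so any read-only queries in `cnd_table` would now also need CAP_SYS_ADMIN; if that is intended, the comment or the commit message should say so. The function body continues past the hunk, so the `fail:` label, and whether ERR_PERM is actually reported back to the sender, cannot be confirmed from here.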
+1 −0
@@ -138,6 +138,7 @@ enum drbd_ret_codes {
	ERR_VERIFY_RUNNING	= 149, /* DRBD 8.2 only */
	ERR_DATA_NOT_CURRENT	= 150,
	ERR_CONNECTED		= 151, /* DRBD 8.3 only */
	ERR_PERM		= 152,

	/* insert new ones above this line */
	AFTER_LAST_ERR_CODE