本文整理汇总了C++中put_cred函数的典型用法代码示例。如果您正苦于以下问题:C++ put_cred函数的具体用法?C++ put_cred怎么用?C++ put_cred使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了put_cred函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: vboxPciOsDevReattachHostDriver
/*
 * Give the PCI device back to the host driver named in pIns->szPrevDriver:
 * write the device address to the PCI_STUB_MODULE driver's sysfs "unbind"
 * file, then to the previous driver's "bind" file.
 * Returns VINF_SUCCESS immediately when no pci_dev is recorded.
 * NOTE(review): this listing stops before the function's final return.
 */
int vboxPciOsDevReattachHostDriver(PVBOXRAWPCIINS pIns)
{
struct pci_dev *pPciDev = pIns->pPciDev;
if (!pPciDev)
return VINF_SUCCESS;
/* Only act when a previous driver name was recorded. */
if (pIns->szPrevDriver[0])
{
char* szCmdBuf;
char* szFileBuf;
struct file* pFile;
int iCmdLen;
const int cMaxBuf = 128;
const struct cred *pOldCreds;
struct cred *pNewCreds;
/* HostPciAddress carries the bus number above bit 8 and devfn in the low byte. */
uint8_t uBus = (pIns->HostPciAddress) >> 8;
uint8_t uDevFn = (pIns->HostPciAddress) & 0xff;
printk(KERN_DEBUG "vboxpci: reattaching old host driver %s\n", pIns->szPrevDriver);
/*
* Now perform kernel analog of:
*
* echo -n 0000:03:00.0 > /sys/bus/pci/drivers/pci-stub/unbind
* echo -n 0000:03:00.0 > /sys/bus/pci/drivers/nvidia/bind
*/
/* Both buffers are released at done:, including when only one allocation succeeded. */
szCmdBuf = kmalloc(cMaxBuf, GFP_KERNEL);
szFileBuf = kmalloc(cMaxBuf, GFP_KERNEL);
if (!szCmdBuf || !szFileBuf)
goto done;
/* Device address string; the PCI domain is hard-coded to 0000. */
iCmdLen = RTStrPrintf(szCmdBuf, cMaxBuf,
"0000:%02x:%02x.%d",
uBus, uDevFn>>3, uDevFn&7);
/* Somewhat ugly hack - override current credentials */
/*
 * On 2.6.29+ a private copy of the caller's credentials is installed with
 * fsuid forced to 0, presumably so the sysfs opens below pass their
 * permission checks. The override is undone after both writes.
 */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29)
pNewCreds = prepare_creds();
if (!pNewCreds)
goto done;
pNewCreds->fsuid = 0;
pOldCreds = override_creds(pNewCreds);
#endif
/* Step 1: detach the device from the stub driver. */
RTStrPrintf(szFileBuf, cMaxBuf,
"/sys/bus/pci/drivers/%s/unbind",
PCI_STUB_MODULE);
pFile = vboxPciFileOpen(szFileBuf, O_WRONLY);
if (pFile)
{
/* Don't write trailing \0 */
vboxPciFileWrite(pFile, 0, szCmdBuf, iCmdLen);
vboxPciFileClose(pFile);
}
else
printk(KERN_DEBUG "vboxpci: cannot open %s\n", szFileBuf);
/*
 * Step 2: bind the device to the previous driver.
 * NOTE(review): szPrevDriver is interpolated into a sysfs path while the
 * fsuid override is active; where it is filled in is not visible here, so
 * confirm it can only hold a plain driver name (no '/' or ".." components).
 * The RTStrPrintf result is not checked either, so a name that does not fit
 * in cMaxBuf bytes is presumably truncated - confirm.
 */
RTStrPrintf(szFileBuf, cMaxBuf,
"/sys/bus/pci/drivers/%s/bind",
pIns->szPrevDriver);
pFile = vboxPciFileOpen(szFileBuf, O_WRONLY);
if (pFile)
{
/* Don't write trailing \0 */
vboxPciFileWrite(pFile, 0, szCmdBuf, iCmdLen);
vboxPciFileClose(pFile);
/* The recorded name is cleared once the bind file could be opened and written. */
pIns->szPrevDriver[0] = '\0';
}
else
printk(KERN_DEBUG "vboxpci: cannot open %s\n", szFileBuf);
/* Restore the caller's credentials, then drop the reference on the private copy. */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29)
revert_creds(pOldCreds);
put_cred(pNewCreds);
#endif
done:
kfree(szCmdBuf);
kfree(szFileBuf);
}
开发者ID:LastRitter,项目名称:vbox-haiku,代码行数:83,代码来源:VBoxPci-linux.c
示例2: task_state
/*
 * Write the identity lines for task @p to the seq_file @m: Umask (when the
 * task has an fs struct), State, Tgid, Ngid, Pid, PPid, TracerPid, the four
 * Uid and Gid values, FDSize and Groups, plus the NStgid/NSpid/NSpgid/NSsid
 * lines when CONFIG_PID_NS is set.
 *
 * IDs are translated through the user namespace of the seq_file and the pid
 * namespace @ns. A reference on the task's credentials is taken inside the
 * RCU section and dropped with put_cred() once the Groups line is written.
 */
static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
			      struct pid *pid, struct task_struct *p)
{
	struct user_namespace *user_ns = seq_user_ns(m);
	const struct cred *cred;
	struct group_info *groups;
	struct task_struct *tracer;
	pid_t ppid = 0, tpid = 0, tgid, ngid;
	unsigned int max_fds = 0;
	int umask = -1;
	int i;

	rcu_read_lock();
	if (pid_alive(p))
		ppid = task_tgid_nr_ns(rcu_dereference(p->real_parent), ns);

	tracer = ptrace_parent(p);
	if (tracer != NULL)
		tpid = task_pid_nr_ns(tracer, ns);

	tgid = task_tgid_nr_ns(p, ns);
	ngid = task_numa_group_id(p);
	/* Pin the credentials so they stay valid after the RCU section ends. */
	cred = get_task_cred(p);

	task_lock(p);
	if (p->fs != NULL)
		umask = p->fs->umask;
	if (p->files != NULL)
		max_fds = files_fdtable(p->files)->max_fds;
	task_unlock(p);
	rcu_read_unlock();

	/* umask stays -1 when the task had no fs struct; the line is then omitted. */
	if (umask >= 0)
		seq_printf(m, "Umask:\t%#04o\n", umask);

	seq_puts(m, "State:\t");
	seq_puts(m, get_task_state(p));

	seq_put_decimal_ull(m, "\nTgid:\t", tgid);
	seq_put_decimal_ull(m, "\nNgid:\t", ngid);
	seq_put_decimal_ull(m, "\nPid:\t", pid_nr_ns(pid, ns));
	seq_put_decimal_ull(m, "\nPPid:\t", ppid);
	seq_put_decimal_ull(m, "\nTracerPid:\t", tpid);

	/* real, effective, saved and filesystem UID, in that order */
	seq_put_decimal_ull(m, "\nUid:\t", from_kuid_munged(user_ns, cred->uid));
	seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->euid));
	seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->suid));
	seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->fsuid));

	/* real, effective, saved and filesystem GID, in that order */
	seq_put_decimal_ull(m, "\nGid:\t", from_kgid_munged(user_ns, cred->gid));
	seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->egid));
	seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->sgid));
	seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->fsgid));

	seq_put_decimal_ull(m, "\nFDSize:\t", max_fds);

	seq_puts(m, "\nGroups:\t");
	groups = cred->group_info;
	for (i = 0; i < groups->ngroups; i++) {
		const char *sep = (i == 0) ? "" : " ";

		seq_put_decimal_ull(m, sep,
				    from_kgid_munged(user_ns, groups->gid[i]));
	}
	/* Last use of the credentials: release the reference taken above. */
	put_cred(cred);
	/* Trailing space shouldn't have been added in the first place. */
	seq_putc(m, ' ');

#ifdef CONFIG_PID_NS
	/* One value per pid namespace level, from @ns down to the task's own. */
	seq_puts(m, "\nNStgid:");
	for (i = ns->level; i <= pid->level; i++)
		seq_put_decimal_ull(m, "\t",
				    task_tgid_nr_ns(p, pid->numbers[i].ns));

	seq_puts(m, "\nNSpid:");
	for (i = ns->level; i <= pid->level; i++)
		seq_put_decimal_ull(m, "\t",
				    task_pid_nr_ns(p, pid->numbers[i].ns));

	seq_puts(m, "\nNSpgid:");
	for (i = ns->level; i <= pid->level; i++)
		seq_put_decimal_ull(m, "\t",
				    task_pgrp_nr_ns(p, pid->numbers[i].ns));

	seq_puts(m, "\nNSsid:");
	for (i = ns->level; i <= pid->level; i++)
		seq_put_decimal_ull(m, "\t",
				    task_session_nr_ns(p, pid->numbers[i].ns));
#endif
	seq_putc(m, '\n');
}
开发者ID:Lyude,项目名称:linux,代码行数:76,代码来源:array.c
示例3: init_cifs_idmap
/*
 * Register the CIFS idmap key type and set up the override credentials
 * (root_cred) whose thread keyring caches the lookup results, then
 * initialise the four id-mapping trees with their locks and register the
 * shrinker.
 *
 * Returns 0 on success, -ENOMEM when the credentials cannot be allocated,
 * or the error from key_alloc(), key_instantiate_and_link() or
 * register_key_type(). On failure the keyring and credential references
 * taken here are dropped again.
 */
int
init_cifs_idmap(void)
{
	struct cred *override;
	struct key *cache_ring;
	int rc;

	cFYI(1, "Registering the %s key type", cifs_idmap_key_type.name);

	/*
	 * Build an override credential set with a dedicated thread keyring
	 * in which requests are cached. This is used to prevent malicious
	 * redirections from being installed with add_key().
	 */
	override = prepare_kernel_cred(NULL);
	if (override == NULL)
		return -ENOMEM;

	/* The possessor gets every permission except SETATTR; user may view/read. */
	cache_ring = key_alloc(&key_type_keyring, ".cifs_idmap", 0, 0, override,
			       (KEY_POS_ALL & ~KEY_POS_SETATTR) |
			       KEY_USR_VIEW | KEY_USR_READ,
			       KEY_ALLOC_NOT_IN_QUOTA);
	if (IS_ERR(cache_ring)) {
		rc = PTR_ERR(cache_ring);
		goto failed_put_cred;
	}

	rc = key_instantiate_and_link(cache_ring, NULL, 0, NULL, NULL);
	if (rc >= 0)
		rc = register_key_type(&cifs_idmap_key_type);
	if (rc < 0)
		goto failed_put_key;

	/*
	 * Tell request_key() to use this special keyring as the cache for
	 * whatever it looks up.
	 */
	set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &cache_ring->flags);
	override->thread_keyring = cache_ring;
	override->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	root_cred = override;

	spin_lock_init(&siduidlock);
	spin_lock_init(&sidgidlock);
	spin_lock_init(&uidsidlock);
	spin_lock_init(&gidsidlock);

	uidtree = RB_ROOT;
	gidtree = RB_ROOT;
	siduidtree = RB_ROOT;
	sidgidtree = RB_ROOT;

	register_shrinker(&cifs_shrinker);

	cFYI(1, "cifs idmap keyring: %d", key_serial(cache_ring));
	return 0;

failed_put_key:
	key_put(cache_ring);
failed_put_cred:
	put_cred(override);
	return rc;
}
开发者ID:SimonPe,项目名称:linux,代码行数:63,代码来源:cifsacl.c
示例4: call_sbin_request_key
/*
* Request userspace finish the construction of a key
* - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
*/
static int call_sbin_request_key(struct key_construction *cons,
const char *op,
void *aux)
{
const struct cred *cred = current_cred();
key_serial_t prkey, sskey;
struct key *key = cons->key, *authkey = cons->authkey, *keyring,
*session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
ret = install_user_keyrings();
if (ret < 0)
goto error_alloc;
/* allocate a new session keyring */
sprintf(desc, "_req.%u", key->serial);
cred = get_current_cred();
keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL);
put_cred(cred);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error_alloc;
}
/* attach the auth key to the session keyring */
ret = key_link(keyring, authkey);
if (ret < 0)
goto error_link;
/* record the UID and GID */
sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
sprintf(keyring_str[0], "%d",
cred->thread_keyring ? cred->thread_keyring->serial : 0);
prkey = 0;
if (cred->process_keyring)
prkey = cred->process_keyring->serial;
sprintf(keyring_str[1], "%d", prkey);
rcu_read_lock();
session = rcu_dereference(cred->session_keyring);
if (!session)
session = cred->user->session_keyring;
sskey = session->serial;
rcu_read_unlock();
sprintf(keyring_str[2], "%d", sskey);
/* set up a minimal environment */
i = 0;
envp[i++] = "HOME=/";
envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
envp[i] = NULL;
/* set up the argument list */
i = 0;
argv[i++] = "/sbin/request-key";
argv[i++] = (char *) op;
argv[i++] = key_str;
argv[i++] = uid_str;
argv[i++] = gid_str;
argv[i++] = keyring_str[0];
argv[i++] = keyring_str[1];
argv[i++] = keyring_str[2];
argv[i] = NULL;
/* do it */
ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
UMH_WAIT_PROC);
kdebug("usermode -> 0x%x", ret);
if (ret >= 0) {
/* ret is the exit/wait code */
if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
key_validate(key) < 0)
ret = -ENOKEY;
else
/* ignore any errors from userspace if the key was
* instantiated */
ret = 0;
}
error_link:
//.........这里部分代码省略.........
开发者ID:513855417,项目名称:linux,代码行数:101,代码来源:request_key.c
示例5: __scm_send
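/*
 * Walk the control messages attached to @msg and collect the SOL_SOCKET
 * ones into @p: SCM_RIGHTS file descriptors (PF_UNIX sockets only) and
 * SCM_CREDENTIALS. Control messages of other levels are skipped; any other
 * SOL_SOCKET type is rejected.
 *
 * For SCM_CREDENTIALS the sender-supplied struct ucred is checked by
 * scm_check_creds() before it is used. If the claimed pid differs from
 * the cookie's, the pid reference is replaced; if the claimed uid/gid differ
 * from the cookie's credentials, a new credential set carrying the claimed
 * IDs replaces p->cred.
 *
 * Returns 0 on success. On failure the cookie is torn down with
 * scm_destroy() and a negative errno is returned (-EINVAL for malformed
 * messages, -ESRCH for an unknown pid, -ENOMEM, or the error from
 * scm_fp_copy()/scm_check_creds()).
 */
int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
{
	struct cmsghdr *cmsg;
	int err;

	for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
		err = -EINVAL;

		/* Verify that cmsg_len is at least sizeof(struct cmsghdr) */
		/* The first check was omitted in <= 2.2.5. The reasoning was
		   that parser checks cmsg_len in any case, so that
		   additional check would be work duplication.
		   But if cmsg_level is not SOL_SOCKET, we do not check
		   for too short ancillary data object at all! Oops.
		   OK, let's add it...
		 */
		if (!CMSG_OK(msg, cmsg))
			goto error;

		if (cmsg->cmsg_level != SOL_SOCKET)
			continue;

		switch (cmsg->cmsg_type) {
		case SCM_RIGHTS:
			/* Descriptor passing is only accepted on PF_UNIX sockets. */
			if (!sock->ops || sock->ops->family != PF_UNIX)
				goto error;
			err = scm_fp_copy(cmsg, &p->fp);
			if (err < 0)
				goto error;
			break;
		case SCM_CREDENTIALS:
			/* The payload must be exactly one struct ucred. */
			if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)))
				goto error;
			memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred));
			err = scm_check_creds(&p->creds);
			if (err)
				goto error;

			if (pid_vnr(p->pid) != p->creds.pid) {
				struct pid *pid;

				err = -ESRCH;
				pid = find_get_pid(p->creds.pid);
				if (!pid)
					goto error;
				put_pid(p->pid);
				p->pid = pid;
			}

			if ((p->cred->euid != p->creds.uid) ||
			    (p->cred->egid != p->creds.gid)) {
				struct cred *cred;

				err = -ENOMEM;
				cred = prepare_creds();
				if (!cred)
					goto error;

				cred->uid = cred->euid = p->creds.uid;
				/*
				 * The group IDs must come from creds.gid. They
				 * were previously copied from creds.uid, so the
				 * cookie's credentials carried the sender's UID
				 * in the GID fields.
				 */
				cred->gid = cred->egid = p->creds.gid;
				/* Swap the cookie's credential reference for the new set. */
				put_cred(p->cred);
				p->cred = cred;
			}
			break;
		default:
			goto error;
		}
	}

	/* An SCM_RIGHTS message that carried no descriptors leaves nothing to pass on. */
	if (p->fp && !p->fp->count) {
		kfree(p->fp);
		p->fp = NULL;
	}
	return 0;

error:
	scm_destroy(p);
	return err;
}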
开发者ID:12rafael,项目名称:jellytimekernel,代码行数:80,代码来源:scm.c
示例6: vmci_host_do_init_context
/*
 * Handle the VMCI context-init request on a host device handle.
 *
 * Copies the init block from user space, rejects handles that are already
 * initialised and any flag other than VMCI_PRIVILEGE_FLAG_RESTRICTED,
 * creates the context with the calling task's credentials, and writes the
 * resulting context id back to the user's init block.
 *
 * Returns 0 on success, -EFAULT when the user buffer cannot be read or
 * written, -EINVAL for an initialised handle or unsupported flags, or the
 * error carried by vmci_ctx_create(). Everything after the initial copy runs
 * with vmci_host_dev->lock held.
 */
static int vmci_host_do_init_context(struct vmci_host_dev *vmci_host_dev,
				     const char *ioctl_name,
				     void __user *uptr)
{
	struct vmci_init_blk blk;
	const struct cred *caller_cred;
	int rc;

	if (copy_from_user(&blk, uptr, sizeof(blk)) != 0) {
		vmci_ioctl_err("error reading init block\n");
		return -EFAULT;
	}

	mutex_lock(&vmci_host_dev->lock);

	/* A handle may be initialised only once. */
	if (vmci_host_dev->ct_type != VMCIOBJ_NOT_SET) {
		vmci_ioctl_err("received VMCI init on initialized handle\n");
		rc = -EINVAL;
		goto out;
	}

	/* Only the "restricted" privilege flag is accepted from user space. */
	if ((blk.flags & ~VMCI_PRIVILEGE_FLAG_RESTRICTED) != 0) {
		vmci_ioctl_err("unsupported VMCI restriction flag\n");
		rc = -EINVAL;
		goto out;
	}

	/*
	 * Hold a reference on the caller's credentials only for the duration
	 * of the create call.
	 */
	caller_cred = get_current_cred();
	vmci_host_dev->context = vmci_ctx_create(blk.cid, blk.flags, 0,
						 vmci_host_dev->user_version,
						 caller_cred);
	put_cred(caller_cred);

	if (IS_ERR(vmci_host_dev->context)) {
		rc = PTR_ERR(vmci_host_dev->context);
		vmci_ioctl_err("error initializing context\n");
		goto out;
	}

	/*
	 * Copy cid to userlevel, we do this to allow the VMX
	 * to enforce its policy on cid generation.
	 */
	blk.cid = vmci_ctx_get_id(vmci_host_dev->context);
	if (copy_to_user(uptr, &blk, sizeof(blk)) != 0) {
		/* Undo the create so the handle stays uninitialised. */
		vmci_ctx_destroy(vmci_host_dev->context);
		vmci_host_dev->context = NULL;
		vmci_ioctl_err("error writing init block\n");
		rc = -EFAULT;
		goto out;
	}

	vmci_host_dev->ct_type = VMCIOBJ_CONTEXT;
	atomic_inc(&vmci_host_active_users);
	rc = 0;

out:
	mutex_unlock(&vmci_host_dev->lock);
	return rc;
}
开发者ID:mikuhatsune001,项目名称:linux2.6.32,代码行数:61,代码来源:vmci_host.c
示例7: SYSCALL_DEFINE3
/*
 * faccessat(): check whether the caller could access @filename (resolved
 * relative to @dfd) with the permissions in @mode, using the real uid/gid
 * instead of the filesystem ones.
 *
 * The check runs under a temporary copy of the caller's credentials whose
 * fsuid/fsgid are set to the real uid/gid. The copy is installed with
 * override_creds() and removed again on every exit path after that point.
 *
 * Returns 0 when access would be granted, -EINVAL for bits outside S_IRWXO,
 * -ENOMEM when the credential copy cannot be allocated, -EACCES for exec
 * on a regular file on a noexec mount, -EROFS for a write check on a
 * read-only mount, or the error from the path lookup / inode_permission().
 */
SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
{
const struct cred *old_cred;
struct cred *override_cred;
struct path path;
struct inode *inode;
int res;
unsigned int lookup_flags = LOOKUP_FOLLOW;
/* Only the "other" rwx bits are valid in mode. */
if (mode & ~S_IRWXO)
return -EINVAL;
override_cred = prepare_creds();
if (!override_cred)
return -ENOMEM;
/* Make filesystem permission checks use the real IDs. */
override_cred->fsuid = override_cred->uid;
override_cred->fsgid = override_cred->gid;
if (!issecure(SECURE_NO_SETUID_FIXUP)) {
/*
 * Unless the real uid is root in the credential's user namespace, drop
 * all effective capabilities for the check; for root, use the full
 * permitted set.
 */
kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
if (!uid_eq(override_cred->uid, root_uid))
cap_clear(override_cred->cap_effective);
else
override_cred->cap_effective =
override_cred->cap_permitted;
}
old_cred = override_creds(override_cred);
retry:
res = user_path_at(dfd, filename, lookup_flags, &path);
if (res)
goto out;
inode = path.dentry->d_inode;
if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) {
/* Exec on a regular file is denied when the mount carries MNT_NOEXEC. */
res = -EACCES;
if (path.mnt->mnt_flags & MNT_NOEXEC)
goto out_path_release;
}
res = inode_permission(inode, mode | MAY_ACCESS);
/* The read-only check applies only to granted write requests on non-special files. */
if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
goto out_path_release;
if (__mnt_is_readonly(path.mnt))
res = -EROFS;
out_path_release:
path_put(&path);
/* On a stale-handle result, redo the lookup once with LOOKUP_REVAL set. */
if (retry_estale(res, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
goto retry;
}
out:
/* Reinstate the caller's credentials, then drop the reference on the copy. */
revert_creds(old_cred);
put_cred(override_cred);
return res;
}
开发者ID:Clumsy-Kernel-Development,项目名称:M9_Kernel,代码行数:61,代码来源:open.c
示例8: lzfs_xattr_security_set
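static int
lzfs_xattr_security_set(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags, int type)
#endif
{
	/*
	 * Set or remove a security extended attribute on the file behind
	 * @dentry.
	 *
	 * The attribute directory of the file is looked up (and created if
	 * needed). With a NULL @value the entry called @name is removed from
	 * it; otherwise a regular file "security.<name>" with mode 0644 is
	 * created there and @size bytes from @value are written to it.
	 *
	 * Returns 0 on success or a negative errno. The zfs_* helpers return
	 * positive error codes, which are negated on the way out.
	 *
	 * A reference on the caller's credentials is held for the whole call
	 * and released on every exit path. Earlier, each early return leaked
	 * that reference.
	 *
	 * NOTE(review): the remove path passes @name without the "security."
	 * prefix that the create path adds - confirm which name is stored.
	 * NOTE(review): vp and xvp are not released here; whether the zfs_*
	 * calls hand back held vnodes is not visible in this listing.
	 */
	vnode_t *vp;
	vnode_t *dvp;
	vnode_t *xvp;
	vattr_t *vap = NULL;
	char *xattr_name = NULL;
	int err = 0;
	const struct cred *cred = get_current_cred();
	struct iovec iov = {
		.iov_base = (void *) value,
		.iov_len  = size,
	};
	uio_t uio = {
		.uio_iov     = &iov,
		.uio_resid   = size,
		.uio_iovcnt  = 1,
		.uio_loffset = (offset_t)0,
		.uio_limit   = MAXOFFSET_T,
		.uio_segflg  = UIO_SYSSPACE,
	};

#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,33)
	dvp = LZFS_ITOV(inode);
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)
	dvp = LZFS_ITOV(dentry->d_inode);
#endif
	err = zfs_lookup(dvp, NULL, &vp, NULL, LOOKUP_XATTR | CREATE_XATTR_DIR,
			 NULL, (struct cred *) cred, NULL, NULL, NULL);
	if (err)
		goto out;

	if (!value) {
		err = zfs_remove(vp, (char *) name,
				 (struct cred *)cred, NULL, 0);
		goto out;
	}

	/*
	 * Zero the whole attribute structure. The earlier
	 * memset(vap, 0, sizeof(vap)) cleared only pointer-size bytes and
	 * left the rest as uninitialised heap memory.
	 */
	vap = kzalloc(sizeof(*vap), GFP_KERNEL);
	/* Sized and NUL-terminated by the allocator, replacing strncpy/strncat. */
	xattr_name = kasprintf(GFP_KERNEL, "security.%s", name);
	if (!vap || !xattr_name) {
		/* Fail the request instead of asserting or dereferencing NULL. */
		err = ENOMEM;
		goto out_free;
	}

	vap->va_type = VREG;
	vap->va_mode = 0644;
	vap->va_mask = AT_TYPE|AT_MODE;
	vap->va_uid = current_fsuid();
	vap->va_gid = current_fsgid();

	err = zfs_create(vp, xattr_name, vap, 0, 0644,
			 &xvp, (struct cred *)cred, 0, NULL, NULL);
	if (err)
		goto out_free;

	err = zfs_write(xvp, &uio, 0, (cred_t *)cred, NULL);

out_free:
	kfree(vap);
	kfree(xattr_name);
out:
	put_cred(cred);
	return -err;
}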
/*
 * Copy one attribute name into the caller's list buffer.
 *
 * Returns the space the name needs including its terminating NUL. The copy
 * happens only when @list is non-NULL and @list_size can hold that many
 * bytes, so a NULL or short buffer still yields the required size.
 */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,33)
static size_t
lzfs_xattr_security_list(struct inode *inode, char *list, size_t list_size,
		const char *name, size_t name_len)
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)
static size_t
lzfs_xattr_security_list(struct dentry *dentry, char *list, size_t list_size,
		const char *name, size_t name_len, int type)
#endif
{
	const size_t needed = name_len + 1;

	if (list != NULL && list_size >= needed) {
		memcpy(list, name, name_len);
		list[name_len] = '\0';
	}

	return needed;
}
int
lzfs_init_security(struct dentry *dentry, struct inode *dir)
{
int err;
size_t len;
void *value;
char *name;
err = security_inode_init_security(dentry->d_inode, dir, &name, &value, &len);
if (err) {
//.........这里部分代码省略.........
开发者ID:maxximino,项目名称:lzfs,代码行数:101,代码来源:lzfs_xattr_security.c
示例9: sec_restrict_fork
/*
 * Policy check on the current task based on what it and its parent are
 * executing. Returns 0 or 1; presumably non-zero tells the caller to refuse
 * the operation (the caller is not visible here - confirm).
 *
 * Outcomes as coded below:
 *  - no parent, either task is pid 1, or either task has no mm: 0
 *  - parent runs "/sbin/adbd": the current task's credentials are replaced
 *    with uid/gid/euid/egid 2000 and 0 is returned (1 if the credential
 *    copy cannot be allocated)
 *  - current task runs from "/data/": 1
 *  - parent fails CHECK_ROOT_UID and current task is not
 *    "/system/bin/logwrapper": 1
 *  - otherwise: 0
 */
static int sec_restrict_fork(void)
{
struct cred *shellcred;
int ret = 0;
struct task_struct *parent_tsk;
struct mm_struct *parent_mm = NULL;
const struct cred *parent_cred;
read_lock(&tasklist_lock);
parent_tsk = current->parent;
if (!parent_tsk) {
read_unlock(&tasklist_lock);
return 0;
}
/* Pin the parent so it can still be examined after the lock is dropped. */
get_task_struct(parent_tsk);
/* holding on to the task struct is enough so just release
* the tasklist lock here */
read_unlock(&tasklist_lock);
if (current->pid == 1 || parent_tsk->pid == 1)
goto out;
/* get current->parent's mm struct to access it's mm
* and to keep it alive */
parent_mm = get_task_mm(parent_tsk);
if (current->mm == NULL || parent_mm == NULL)
goto out;
if (sec_check_execpath(parent_mm, "/sbin/adbd")) {
shellcred = prepare_creds();
if (!shellcred) {
ret = 1;
goto out;
}
/*
 * NOTE(review): only the real and effective IDs are changed. The saved and
 * filesystem IDs, the supplementary groups and the capability sets are
 * whatever prepare_creds() copied from the current task - confirm that
 * leaving them untouched is intended for a privilege drop.
 */
shellcred->uid = 2000;
shellcred->gid = 2000;
shellcred->euid = 2000;
shellcred->egid = 2000;
/* commit_creds() takes over the reference, so no put_cred() on this path. */
commit_creds(shellcred);
ret = 0;
goto out;
}
if (sec_check_execpath(current->mm, "/data/")) {
ret = 1;
goto out;
}
/*
 * The reference taken here is held across the CHECK_ROOT_UID() test and
 * dropped right after it; the macro itself is given the task, not this
 * pointer.
 */
parent_cred = get_task_cred(parent_tsk);
if (!parent_cred)
goto out;
if (!CHECK_ROOT_UID(parent_tsk))
{
if(!sec_check_execpath(current->mm, "/system/bin/logwrapper"))
ret = 1;
}
put_cred(parent_cred);
out:
/* Release the mm (if one was taken) and the parent task reference. */
if (parent_mm)
mmput(parent_mm);
put_task_struct(parent_tsk);
return ret;
}
开发者ID:DAGr8,项目名称:kernel_samsung_hltecan,代码行数:67,代码来源:sys_arm.c
示例10: crfree
/* Drop one reference on the credential @cr by handing it to put_cred(). */
void
crfree(cred_t *cr)
{
	const cred_t *ref = cr;

	put_cred(ref);
}
开发者ID:DeHackEd,项目名称:zfs,代码行数:6,代码来源:spl-cred.c
示例11: ovl_create_over_whiteout
//.........这里部分代码省略.........
err = PTR_ERR(newdentry);
if (IS_ERR(newdentry))
goto out_unlock;
upper = lookup_one_len(dentry->d_name.name, upperdir,
dentry->d_name.len);
err = PTR_ERR(upper);
if (IS_ERR(upper))
goto out_dput;
err = ovl_create_real(wdir, newdentry, stat, link, hardlink, true);
if (err)
goto out_dput2;
/*
* mode could have been mutilated due to umask (e.g. sgid directory)
*/
if (!hardlink &&
!S_ISLNK(stat->mode) && newdentry->d_inode->i_mode != stat->mode) {
struct iattr attr = {
.ia_valid = ATTR_MODE,
.ia_mode = stat->mode,
};
inode_lock(newdentry->d_inode);
err = notify_change(newdentry, &attr, NULL);
inode_unlock(newdentry->d_inode);
if (err)
goto out_cleanup;
}
if (!hardlink && S_ISDIR(stat->mode)) {
err = ovl_set_opaque(newdentry);
if (err)
goto out_cleanup;
err = ovl_do_rename(wdir, newdentry, udir, upper,
RENAME_EXCHANGE);
if (err)
goto out_cleanup;
ovl_cleanup(wdir, upper);
} else {
err = ovl_do_rename(wdir, newdentry, udir, upper, 0);
if (err)
goto out_cleanup;
}
ovl_instantiate(dentry, inode, newdentry, !!hardlink);
newdentry = NULL;
out_dput2:
dput(upper);
out_dput:
dput(newdentry);
out_unlock:
unlock_rename(workdir, upperdir);
out:
return err;
out_cleanup:
ovl_cleanup(wdir, newdentry);
goto out_dput2;
}
/*
 * Create @dentry on the upper layer (or hard-link it to @hardlink) after
 * copying up its parent directory.
 *
 * The creation runs under two stacked credential overrides: first the one
 * installed by ovl_override_creds(), then a copy of it whose fsuid/fsgid are
 * set to the owner recorded in @inode. Returns 0 on success, the
 * ovl_copy_up() error, -ENOMEM when the credential copy cannot be
 * allocated, or the error from the create helper.
 */
static int ovl_create_or_link(struct dentry *dentry, struct inode *inode,
struct kstat *stat, const char *link,
struct dentry *hardlink)
{
int err;
const struct cred *old_cred;
struct cred *override_cred;
err = ovl_copy_up(dentry->d_parent);
if (err)
return err;
/* First override; old_cred is what revert_creds() restores at the end. */
old_cred = ovl_override_creds(dentry->d_sb);
err = -ENOMEM;
override_cred = prepare_creds();
if (override_cred) {
/* The new object is created with the fsuid/fsgid recorded in @inode. */
override_cred->fsuid = inode->i_uid;
override_cred->fsgid = inode->i_gid;
/*
 * Install the copy and drop the reference on the credentials it replaces,
 * then drop the local reference on the copy itself.
 * NOTE(review): this presumably relies on override_creds() keeping its own
 * reference on the installed credentials - confirm for the kernel version
 * in use, since the copy is still in effect during the calls below.
 */
put_cred(override_creds(override_cred));
put_cred(override_cred);
if (!ovl_dentry_is_opaque(dentry))
err = ovl_create_upper(dentry, inode, stat, link,
hardlink);
else
err = ovl_create_over_whiteout(dentry, inode, stat,
link, hardlink);
}
/* Restores the credentials saved before the first override, success or not. */
revert_creds(old_cred);
if (!err) {
/* Sanity check: the upper inode should carry the requested mode and owner. */
struct inode *realinode = d_inode(ovl_dentry_upper(dentry));
WARN_ON(inode->i_mode != realinode->i_mode);
WARN_ON(!uid_eq(inode->i_uid, realinode->i_uid));
WARN_ON(!gid_eq(inode->i_gid, realinode->i_gid));
}
return err;
}
开发者ID:AK101111,项目名称:linux,代码行数:101,代码来源:dir.c
示例12: call_sbin_request_key
static int call_sbin_request_key(struct key_construction *cons,
const char *op,
void *aux)
{
const struct cred *cred = current_cred();
key_serial_t prkey, sskey;
struct key *key = cons->key, *authkey = cons->authkey, *keyring,
*session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
ret = install_user_keyrings();
if (ret < 0)
goto error_alloc;
/* */
sprintf(desc, "_req.%u", key->serial);
cred = get_current_cred();
keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
KEY_ALLOC_QUOTA_OVERRUN, NULL);
put_cred(cred);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error_alloc;
}
/* */
ret = key_link(keyring, authkey);
if (ret < 0)
goto error_link;
/* */
sprintf(uid_str, "%d", cred->fsuid);
sprintf(gid_str, "%d", cred->fsgid);
/* */
sprintf(key_str, "%d", key->serial);
/* */
sprintf(keyring_str[0], "%d",
cred->thread_keyring ? cred->thread_keyring->serial : 0);
prkey = 0;
if (cred->tgcred->process_keyring)
prkey = cred->tgcred->process_keyring->serial;
sprintf(keyring_str[1], "%d", prkey);
rcu_read_lock();
session = rcu_dereference(cred->tgcred->session_keyring);
if (!session)
session = cred->user->session_keyring;
sskey = session->serial;
rcu_read_unlock();
sprintf(keyring_str[2], "%d", sskey);
/* */
i = 0;
envp[i++] = "HOME=/";
envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
envp[i] = NULL;
/* */
i = 0;
argv[i++] = "/sbin/request-key";
argv[i++] = (char *) op;
argv[i++] = key_str;
argv[i++] = uid_str;
argv[i++] = gid_str;
argv[i++] = keyring_str[0];
argv[i++] = keyring_str[1];
argv[i++] = keyring_str[2];
argv[i] = NULL;
/* */
ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
UMH_WAIT_PROC);
kdebug("usermode -> 0x%x", ret);
if (ret >= 0) {
/* */
if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
key_validate(key) < 0)
ret = -ENOKEY;
else
/*
*/
ret = 0;
}
error_link:
key_put(keyring);
error_alloc:
complete_request_key(cons, ret);
kleave(" = %d", ret);
//.........这里部分代码省略.........
开发者ID:romanbb,项目名称:android_kernel_lge_d851,代码行数:101,代码来源:request_key.c
示例13: ovl_do_lookup
/*
 * Look up @dentry's name in the upper and lower directories of its parent
 * and attach the result to @dentry.
 *
 * Allocates an ovl_entry, resolves the name in each layer that exists,
 * decides whether the upper entry hides the lower one (opaque directory,
 * whiteout, or a type mismatch between the layers), creates an overlay
 * inode when either layer has the name, and adds the dentry.
 *
 * Returns 0 on success, -ENOMEM on allocation failure, or the error from a
 * layer lookup.
 */
static int ovl_do_lookup(struct dentry *dentry)
{
struct ovl_entry *oe;
struct dentry *upperdir;
struct dentry *lowerdir;
struct dentry *upperdentry = NULL;
struct dentry *lowerdentry = NULL;
struct inode *inode = NULL;
int err;
err = -ENOMEM;
oe = ovl_alloc_entry();
if (!oe)
goto out;
upperdir = ovl_dentry_upper(dentry->d_parent);
lowerdir = ovl_dentry_lower(dentry->d_parent);
if (upperdir) {
upperdentry = ovl_lookup_real(upperdir, &dentry->d_name);
err = PTR_ERR(upperdentry);
if (IS_ERR(upperdentry))
goto out_put_dir;
/*
 * Only symlinks and directories on the upper layer are inspected for the
 * whiteout / opaque markers, and only when a lower directory exists.
 */
if (lowerdir && upperdentry &&
(S_ISLNK(upperdentry->d_inode->i_mode) ||
S_ISDIR(upperdentry->d_inode->i_mode))) {
const struct cred *old_cred;
struct cred *override_cred;
err = -ENOMEM;
override_cred = prepare_creds();
if (!override_cred)
goto out_dput_upper;
/* CAP_SYS_ADMIN needed for getxattr */
/*
 * The capability is raised on a private copy of the credentials and is in
 * effect only between override_creds() and revert_creds() below.
 */
cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
old_cred = override_creds(override_cred);
if (ovl_is_opaquedir(upperdentry)) {
oe->opaque = true;
} else if (ovl_is_whiteout(upperdentry)) {
/* A whiteout is treated as "no upper entry" and hides the lower one. */
dput(upperdentry);
upperdentry = NULL;
oe->opaque = true;
}
/* Restore the caller's credentials and release the temporary copy. */
revert_creds(old_cred);
put_cred(override_cred);
}
}
/* The lower layer is consulted only when the upper one did not hide it. */
if (lowerdir && !oe->opaque) {
lowerdentry = ovl_lookup_real(lowerdir, &dentry->d_name);
err = PTR_ERR(lowerdentry);
if (IS_ERR(lowerdentry))
goto out_dput_upper;
}
/* Unless both layers hold a directory, the upper entry replaces the lower one. */
if (lowerdentry && upperdentry &&
(!S_ISDIR(upperdentry->d_inode->i_mode) ||
!S_ISDIR(lowerdentry->d_inode->i_mode))) {
dput(lowerdentry);
lowerdentry = NULL;
oe->opaque = true;
}
if (lowerdentry || upperdentry) {
struct dentry *realdentry;
/* The overlay inode takes its mode from the upper entry when there is one. */
realdentry = upperdentry ? upperdentry : lowerdentry;
err = -ENOMEM;
inode = ovl_new_inode(dentry->d_sb, realdentry->d_inode->i_mode,
oe);
if (!inode)
goto out_dput;
}
if (upperdentry)
oe->__upperdentry = dget(upperdentry);
if (lowerdentry)
oe->lowerdentry = lowerdentry;
dentry->d_fsdata = oe;
dentry->d_op = &ovl_dentry_operations;
/* inode is still NULL here when neither layer has the name. */
d_add(dentry, inode);
return 0;
/* Error unwinding: each label releases what was acquired before the failure. */
out_dput:
dput(lowerdentry);
out_dput_upper:
dput(upperdentry);
out_put_dir:
kfree(oe);
out:
return err;
}
开发者ID:artynet,项目名称:linux-3.3.8,代码行数:97,代码来源:super.c
示例14: task_state
/*
 * Write the identity lines for task @p to the seq_file @m: State, Tgid,
 * Ngid, Pid, PPid, TracerPid, the four Uid and Gid values, FDSize and
 * Groups, plus the NStgid/NSpid/NSpgid/NSsid lines when CONFIG_PID_NS is
 * set.
 *
 * IDs are translated through the user namespace of the seq_file and the pid
 * namespace @ns. The credentials are pinned with get_task_cred() inside the
 * RCU section and released with put_cred() after the Groups line.
 */
static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
			      struct pid *pid, struct task_struct *p)
{
	struct user_namespace *user_ns = seq_user_ns(m);
	const struct cred *cred;
	struct group_info *groups;
	struct task_struct *tracer;
	pid_t ppid = 0, tpid = 0, tgid, ngid;
	unsigned int max_fds = 0;
	int i;

	rcu_read_lock();
	if (pid_alive(p))
		ppid = task_tgid_nr_ns(rcu_dereference(p->real_parent), ns);

	tracer = ptrace_parent(p);
	if (tracer != NULL)
		tpid = task_pid_nr_ns(tracer, ns);

	tgid = task_tgid_nr_ns(p, ns);
	ngid = task_numa_group_id(p);
	/* Take a reference so the credentials outlive the RCU section. */
	cred = get_task_cred(p);

	task_lock(p);
	if (p->files != NULL)
		max_fds = files_fdtable(p->files)->max_fds;
	task_unlock(p);
	rcu_read_unlock();

	/* Uid/Gid columns: real, effective, saved, filesystem. */
	seq_printf(m,
		   "State:\t%s\n"
		   "Tgid:\t%d\n"
		   "Ngid:\t%d\n"
		   "Pid:\t%d\n"
		   "PPid:\t%d\n"
		   "TracerPid:\t%d\n"
		   "Uid:\t%d\t%d\t%d\t%d\n"
		   "Gid:\t%d\t%d\t%d\t%d\n"
		   "FDSize:\t%d\nGroups:\t",
		   get_task_state(p),
		   tgid, ngid, pid_nr_ns(pid, ns), ppid, tpid,
		   from_kuid_munged(user_ns, cred->uid),
		   from_kuid_munged(user_ns, cred->euid),
		   from_kuid_munged(user_ns, cred->suid),
		   from_kuid_munged(user_ns, cred->fsuid),
		   from_kgid_munged(user_ns, cred->gid),
		   from_kgid_munged(user_ns, cred->egid),
		   from_kgid_munged(user_ns, cred->sgid),
		   from_kgid_munged(user_ns, cred->fsgid),
		   max_fds);

	groups = cred->group_info;
	for (i = 0; i < groups->ngroups; i++) {
		seq_printf(m, "%d ",
			   from_kgid_munged(user_ns, GROUP_AT(groups, i)));
	}
	/* Last use of the credentials: drop the reference. */
	put_cred(cred);

#ifdef CONFIG_PID_NS
	/* One value per pid namespace level, from @ns down to the task's own. */
	seq_puts(m, "\nNStgid:");
	for (i = ns->level; i <= pid->level; i++) {
		seq_printf(m, "\t%d",
			   task_tgid_nr_ns(p, pid->numbers[i].ns));
	}

	seq_puts(m, "\nNSpid:");
	for (i = ns->level; i <= pid->level; i++) {
		seq_printf(m, "\t%d",
			   task_pid_nr_ns(p, pid->numbers[i].ns));
	}

	seq_puts(m, "\nNSpgid:");
	for (i = ns->level; i <= pid->level; i++) {
		seq_printf(m, "\t%d",
			   task_pgrp_nr_ns(p, pid->numbers[i].ns));
	}

	seq_puts(m, "\nNSsid:");
	for (i = ns->level; i <= pid->level; i++) {
		seq_printf(m, "\t%d",
			   task_session_nr_ns(p, pid->numbers[i].ns));
	}
#endif
	seq_putc(m, '\n');
}
开发者ID:020gzh,项目名称:linux,代码行数:77,代码来源:array.c
示例15: task_state
/*
 * Write the State, Tgid, Ngid, Pid, PPid, TracerPid, Uid, Gid, FDSize and
 * Groups lines for task @p to the seq_file @m.
 *
 * IDs are translated through the user namespace of the seq_file and the pid
 * namespace @ns. The task's credentials are pinned with get_task_cred() and
 * released with put_cred() once the group list has been printed.
 */
static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *p)
{
struct user_namespace *user_ns = seq_user_ns(m);
struct group_info *group_info;
int g;
struct fdtable *fdt = NULL;
const struct cred *cred;
pid_t ppid, tpid;
rcu_read_lock();
/* A task that is no longer alive reports 0 for both PPid and TracerPid. */
ppid = pid_alive(p) ?
task_tgid_nr_ns(rcu_dereference(p->real_parent), ns) : 0;
tpid = 0;
if (pid_alive(p)) {
struct task_struct *tracer = ptrace_parent(p);
if (tracer)
tpid = task_pid_nr_ns(tracer, ns);
}
/* The reference taken here is what keeps cred valid after rcu_read_unlock(). */
cred = get_task_cred(p);
/* Uid/Gid columns: real, effective, saved, filesystem. */
seq_printf(m,
"State:\t%s\n"
"Tgid:\t%d\n"
"Ngid:\t%d\n"
"Pid:\t%d\n"
"PPid:\t%d\n"
"TracerPid:\t%d\n"
"Uid:\t%d\t%d\t%d\t%d\n"
"Gid:\t%d\t%d\t%d\t%d\n",
get_task_state(p),
task_tgid_nr_ns(p, ns),
task_numa_group_id(p),
pid_nr_ns(pid, ns),
ppid, tpid,
from_kuid_munged(user_ns, cred->uid),
from_kuid_munged(user_ns, cred->euid),
from_kuid_munged(user_ns, cred->suid),
from_kuid_munged(user_ns, cred->fsuid),
from_kgid_munged(user_ns, cred->gid),
from_kgid_munged(user_ns, cred->egid),
from_kgid_munged(user_ns, cred->sgid),
from_kgid_munged(user_ns, cred->fsgid));
/* The fd table pointer is read and used while the task lock is held. */
task_lock(p);
if (p->files)
fdt = files_fdtable(p->files);
seq_printf(m,
"FDSize:\t%d\n"
"Groups:\t",
fdt ? fdt->max_fds : 0);
/* The RCU section ends before the task lock is released. */
rcu_read_unlock();
group_info = cred->group_info;
task_unlock(p);
/* Each group id is followed by a space, so the line ends in a trailing space. */
for (g = 0; g < group_info->ngroups; g++)
seq_printf(m, "%d ",
from_kgid_munged(user_ns, GROUP_AT(group_info, g)));
put_cred(cred);
seq_putc(m, '\n');
}
开发者ID:AnadoluPanteri,项目名称:kernel-plus-harmattan,代码行数:62,代码来源:array.c
示例16: sec_restrict_fork
/*
 * Policy check on the current task based on what it and its parent are
 * executing. Returns 0 for the allowed cases and 1 for the restricted ones.
 *
 * NOTE(review): in the adbd case only uid/gid/euid/egid are set to 2000.
 * The saved and filesystem IDs, the supplementary groups and the capability
 * sets stay as prepare_creds() copied them - confirm that is intended.
 */
static int sec_restrict_fork(void)
{
	struct task_struct *parent_tsk;
	struct mm_struct *parent_mm = NULL;
	const struct cred *parent_cred;
	struct cred *shellcred;
	int restricted = 0;

	read_lock(&tasklist_lock);
	parent_tsk = current->parent;
	if (parent_tsk == NULL) {
		read_unlock(&tasklist_lock);
		return 0;
	}
	get_task_struct(parent_tsk);
	/* The task reference is enough from here on; drop the tasklist lock. */
	read_unlock(&tasklist_lock);

	/* 1. Allowed case - init process. */
	if (current->pid == 1 || parent_tsk->pid == 1)
		goto out;

	/* Take the parent's mm so it can be inspected and stays alive. */
	parent_mm = get_task_mm(parent_tsk);

	/* 1.1 Skip for kernel tasks */
	if (!current->mm || !parent_mm)
		goto out;

	/* 2. Restrict case - parent process is /sbin/adbd. */
	if (sec_check_execpath(parent_mm, "/sbin/adbd")) {
		shellcred = prepare_creds();
		if (shellcred == NULL) {
			restricted = 1;
			goto out;
		}

		shellcred->uid = 2000;
		shellcred->gid = 2000;
		shellcred->euid = 2000;
		shellcred->egid = 2000;
		/* commit_creds() takes over the reference; no put_cred() here. */
		commit_creds(shellcred);
		restricted = 0;
		goto out;
	}

	/* 3. Restrict case - execute file in /data directory. */
	if (sec_check_execpath(current->mm, "/data/")) {
		restricted = 1;
		goto out;
	}

	/* 4. Restrict case - parent's privilege is not root. */
	parent_cred = get_task_cred(parent_tsk);
	if (parent_cred == NULL)
		goto out;

	if (!CHECK_ROOT_UID(parent_tsk))
		restricted = 1;

	put_cred(parent_cred);

out:
	if (parent_mm != NULL)
		mmput(parent_mm);
	put_task_struct(parent_tsk);

	return restricted;
}
开发者ID:Andowsdan,项目名称:AGAT_L720_kernel,代码行数:70,代码来源:sys_arm.c
示例17: nfs_idmap_quit
/*
 * Tear down the id resolver: revoke the thread keyring held by the
 * id_resolver_cache credentials, unregister the key type, then drop the
 * reference on those credentials.
 */
void nfs_idmap_quit(void)
{
	struct key *cache_keyring = id_resolver_cache->thread_keyring;

	key_revoke(cache_keyring);
	unregister_key_type(&key_type_id_resolver);
	put_cred(id_resolver_cache);
}
开发者ID:285452612,项目名称:ali_kernel,代码行数:6,代码来源:idmap.c
示例18: SYSCALL_DEFINE3
/*
 * access() has to answer for the real uid/gid rather than the effective
 * ones. That is done by running the lookup under a temporary credential
 * copy whose fsuid/fsgid are the real IDs and whose effective capabilities
 * are adjusted to match.
 *
 * Returns 0 when access would be granted, -EINVAL for bits outside S_IRWXO,
 * -ENOMEM when the credential copy cannot be allocated, -EACCES for exec on
 * a regular file on a noexec mount, -EROFS for a write check on a read-only
 * mount, or the error from the path lookup / inode_permission().
 */
SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
{
	struct cred *tmp_cred;
	const struct cred *saved_cred;
	struct path target;
	struct inode *ino;
	int rc;

	if (mode & ~S_IRWXO)	/* where's F_OK, X_OK, W_OK, R_OK? */
		return -EINVAL;

	tmp_cred = prepare_creds();
	if (tmp_cred == NULL)
		return -ENOMEM;

	tmp_cred->fsuid = tmp_cred->uid;
	tmp_cred->fsgid = tmp_cred->gid;

	if (!issecure(SECURE_NO_SETUID_FIXUP)) {
		/*
		 * A real uid of root checks with the full permitted set;
		 * any other user gets no effective capabilities at all.
		 */
		if (tmp_cred->uid == 0)
			tmp_cred->cap_effective = tmp_cred->cap_permitted;
		else
			cap_clear(tmp_cred->cap_effective);
	}

	saved_cred = override_creds(tmp_cred);

	rc = user_path_at(dfd, filename, LOOKUP_FOLLOW, &target);
	if (rc)
		goto out;

	ino = target.dentry->d_inode;

	/*
	 * MAY_EXEC on a regular file is refused outright when the
	 * filesystem is mounted with the "noexec" flag.
	 */
	if ((mode & MAY_EXEC) && S_ISREG(ino->i_mode) &&
	    (target.mnt->mnt_flags & MNT_NOEXEC)) {
		rc = -EACCES;
		goto out_path_release;
	}

	rc = inode_permission(ino, mode | MAY_ACCESS);

	/*
	 * SuS v2 requires a read-only fs to be reported too, but only for a
	 * granted write check on a non-special file.
	 *
	 * Using __mnt_is_readonly() without a mnt_want/drop_write() pair is
	 * acceptable in this rare case: nothing is written to the fs, so
	 * nobody needs to be told. The price is that the answer is
	 * inherently racy - the fs may change state before the caller even
	 * sees the result.
	 */
	if (rc == 0 && (mode & S_IWOTH) && !special_file(ino->i_mode) &&
	    __mnt_is_readonly(target.mnt))
		rc = -EROFS;

out_path_release:
	path_put(&target);
out:
	/* Put the caller's credentials back, then release the temporary copy. */
	revert_creds(saved_cred);
	put_cred(tmp_cred);
	return rc;
}
开发者ID:458941968,项目名称:mini2440-kernel-2.6.29,代码行数:74,代码来源:open.c
示例19: ovl_whiteout
/*
 * Create a whiteout for @dentry in @upperdir: a symlink with the whiteout
 * target, marked with the whiteout xattr.
 *
 * The work runs under a temporary credential copy with root fsuid/fsgid and
 * three extra effective capabilities. The caller's credentials are restored
 * and the copy released before returning. If setting the xattr fails, the
 * freshly created symlink is unlinked again.
 *
 * Returns 0 on success or a negative errno; every failure is logged.
 */
static int ovl_whiteout(struct dentry *upperdir, struct dentry *dentry)
{
	struct cred *wh_cred;
	const struct cred *saved_cred;
	struct dentry *wh;
	int err = -ENOMEM;

	/* FIXME: recheck lower dentry to see if whiteout is really needed */

	wh_cred = prepare_creds();
	if (wh_cred == NULL)
		goto out;

	/*
	 * CAP_SYS_ADMIN for setxattr
	 * CAP_DAC_OVERRIDE for symlink creation
	 * CAP_FOWNER for unlink in sticky directory
	 */
	cap_raise(wh_cred->cap_effective, CAP_SYS_ADMIN);
	cap_raise(wh_cred->cap_effective, CAP_DAC_OVERRIDE);
	cap_raise(wh_cred->cap_effective, CAP_FOWNER);
	wh_cred->fsuid = GLOBAL_ROOT_UID;
	wh_cred->fsgid = GLOBAL_ROOT_GID;
	saved_cred = override_creds(wh_cred);

	wh = lookup_one_len(dentry->d_name.name, upperdir,
			    dentry->d_name.len);
	if (IS_ERR(wh)) {
		err = PTR_ERR(wh);
		goto out_put_cred;
	}

	/* Just been removed within the same locked region */
	WARN_ON(wh->d_inode);

	err = vfs_symlink(upperdir->d_inode, wh, ovl_whiteout_symlink);
	if (!err) {
		ovl_dentry_version_inc(dentry->d_parent);

		err = vfs_setxattr(wh, ovl_whiteout_xattr, "y", 1, 0);
		/* A symlink without the marker is not a whiteout: remove it. */
		if (err)
			vfs_unlink(upperdir->d_inode, wh);
	}

	dput(wh);
out_put_cred:
	/* Drop the elevated credentials before anything else happens. */
	revert_creds(saved_cred);
	put_cred(wh_cred);
out:
	if (err) {
		/*
		 * There's no way to recover from failure to whiteout.
		 * What should we do? Log a big fat error and... ?
		 */
		pr_err("overlayfs: ERROR - failed to whiteout '%s'\n",
		       dentry->d_name.name);
	}
	return err;
}
开发者ID:akuster,项目名称:linux-meson,代码行数:62,代码来源:dir.c
示例20: SYSCALL_DEFINE1
//.........这里部分代码省略.........
if (unshare_flags & CLONE_NEWUSER)
unshare_flags |= CLONE_THREAD | CLONE_FS;
/*
* If unsharing a thread from a thread group, must also unshare vm.
*/
if (unshare_flags & CLONE_THREAD)
unshare_flags |= CLONE_VM;
/*
* If unsharing vm, must also