- diff -aur linux-4.2/arch/x86/ia32/sys_ia32.c linux-4.2.tsarn1/arch/x86/ia32/sys_ia32.c
- --- linux-4.2/arch/x86/ia32/sys_ia32.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/arch/x86/ia32/sys_ia32.c 2016-02-08 16:51:12.597891701 +0300
- @@ -95,12 +95,26 @@
- return 0;
- }
- +int cher_patch_is_secure_path(const char *);
- +
- asmlinkage long sys32_stat64(const char __user *filename,
- struct stat64 __user *statbuf)
- {
- struct kstat stat;
- - int ret = vfs_stat(filename, &stat);
- + int ret = 0;
- +
- + if (SBOX_IS_RESTRICTED()) {
- + struct filename *tmp = getname(filename);
- + if (IS_ERR(tmp)) return -EINVAL;
- + if (cher_patch_is_secure_path(tmp->name) < 0) {
- + putname(tmp);
- + return -EPERM;
- + }
- + if (!strncmp(tmp->name, "/SANDBOX/", 9)) filename += 9;
- + putname(tmp);
- + }
- + ret = vfs_stat(filename, &stat);
- if (!ret)
- ret = cp_stat64(statbuf, &stat);
- return ret;
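Review bot: The added block validates a kernel copy of the path (`tmp->name`) and then hands the original user pointer, advanced by 9, to `vfs_stat`, which copies the string from user memory a second time, so the bytes that get resolved are not guaranteed to be the bytes that were checked, and the `filename += 9` offset is applied to whatever the buffer holds at that later read. The same check-then-refetch shape is in the lstat64 hunk below, in fs/compat.c newstat/newlstat and in `cher_check_user_path` in fs/open.c, so the fix belongs in one place: resolve the very `struct filename` that was checked (the struct-filename-taking lookup path) instead of re-reading `filename`. Separately, `if (IS_ERR(tmp)) return -EINVAL;` discards getname's own code; `return PTR_ERR(tmp);` keeps -EFAULT and -ENAMETOOLONG distinguishable. The nine inline lines duplicate the helper added in fs/open.c and could read `ret = cher_check_user_path(AT_FDCWD, &filename); if (ret < 0) return ret;` so the policy lives in a single function. The closing brace of sys32_stat64 falls outside the hunk.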
- @@ -110,7 +124,20 @@
- struct stat64 __user *statbuf)
- {
- struct kstat stat;
- - int ret = vfs_lstat(filename, &stat);
- + int ret = 0;
- +
- + if (SBOX_IS_RESTRICTED()) {
- + struct filename *tmp = getname(filename);
- + if (IS_ERR(tmp)) return -EINVAL;
- + if (cher_patch_is_secure_path(tmp->name) < 0) {
- + putname(tmp);
- + return -EPERM;
- + }
- + if (!strncmp(tmp->name, "/SANDBOX/", 9)) filename += 9;
- + putname(tmp);
- + }
- +
- + ret = vfs_lstat(filename, &stat);
- if (!ret)
- ret = cp_stat64(statbuf, &stat);
- return ret;
- @@ -131,6 +158,10 @@
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- error = vfs_fstatat(dfd, filename, &stat, flag);
- if (error)
- return error;
- diff -aur linux-4.2/arch/x86/kernel/ioport.c linux-4.2.tsarn1/arch/x86/kernel/ioport.c
- --- linux-4.2/arch/x86/kernel/ioport.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/arch/x86/kernel/ioport.c 2016-02-08 16:51:12.597891701 +0300
- @@ -26,6 +26,11 @@
- struct tss_struct *tss;
- unsigned int i, max_long, bytes, bytes_updated;
- + if (SBOX_IS_RESTRICTED()) {
- + //SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
- return -EINVAL;
- if (turn_on && !capable(CAP_SYS_RAWIO))
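Review bot: The commented-out `//SBOX_SET_SECURITY_ERR();` on the second added line is dead code with no explanation, and the same line appears in the iopl hunk below; either restore the call, as the ldt.c and vm86_32.c hunks do, or delete it and say in a comment why this denial is deliberately silent. More broadly, the patch splits sites into those that call `SBOX_SET_SECURITY_ERR()` before `return -EPERM` and those that return -EPERM alone (fs/aio.c, fs/eventfd.c, fs/read_write.c and others) without stating the rule anywhere; a one-line comment at the macro's definition saying when a denial must be flagged would let each site be checked against it. The body of sys_ioperm continues past the hunk.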
- @@ -99,6 +104,11 @@
- unsigned int old = (regs->flags >> 12) & 3;
- struct thread_struct *t = ¤t->thread;
- + if (SBOX_IS_RESTRICTED()) {
- + //SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (level > 3)
- return -EINVAL;
- /* Trying to gain more privileges? */
- diff -aur linux-4.2/arch/x86/kernel/ldt.c linux-4.2.tsarn1/arch/x86/kernel/ldt.c
- --- linux-4.2/arch/x86/kernel/ldt.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/arch/x86/kernel/ldt.c 2016-02-08 16:51:12.597891701 +0300
- @@ -276,6 +276,11 @@
- {
- int ret = -ENOSYS;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- switch (func) {
- case 0:
- ret = read_ldt(ptr, bytecount);
- diff -aur linux-4.2/arch/x86/kernel/vm86_32.c linux-4.2.tsarn1/arch/x86/kernel/vm86_32.c
- --- linux-4.2/arch/x86/kernel/vm86_32.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/arch/x86/kernel/vm86_32.c 2016-02-08 16:51:12.597891701 +0300
- @@ -212,6 +212,11 @@
- struct task_struct *tsk = current;
- int tmp;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (tsk->thread.saved_sp0)
- return -EPERM;
- tmp = copy_vm86_regs_from_user(&info.regs, &v86->regs,
- @@ -238,6 +243,11 @@
- int tmp;
- struct vm86plus_struct __user *v86;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- tsk = current;
- switch (cmd) {
- case VM86_REQUEST_IRQ:
- diff -aur linux-4.2/fs/aio.c linux-4.2.tsarn1/fs/aio.c
- --- linux-4.2/fs/aio.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/aio.c 2016-02-08 16:51:12.654559031 +0300
- @@ -1310,6 +1310,9 @@
- unsigned long ctx;
- long ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- ret = get_user(ctx, ctxp);
- if (unlikely(ret))
- goto out;
- @@ -1342,9 +1345,16 @@
- */
- SYSCALL_DEFINE1(io_destroy, aio_context_t, ctx)
- {
- - struct kioctx *ioctx = lookup_ioctx(ctx);
- + struct kioctx *ioctx = NULL;
- +
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- + ioctx = lookup_ioctx(ctx);
- if (likely(NULL != ioctx)) {
- struct ctx_rq_wait wait;
- +
- int ret;
- init_completion(&wait.comp);
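Review bot: The empty `+` line added between `struct ctx_rq_wait wait;` and `int ret;` inside the `if (likely(NULL != ioctx))` block is an unrelated whitespace change; drop it so the hunk is only the guard. `struct kioctx *ioctx = NULL;` followed by the unconditional `ioctx = lookup_ioctx(ctx);` can also stay a plain `struct kioctx *ioctx;`, the form the io_getevents hunk below uses. io_destroy continues beyond the hunk.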
- @@ -1628,6 +1638,9 @@
- SYSCALL_DEFINE3(io_submit, aio_context_t, ctx_id, long, nr,
- struct iocb __user * __user *, iocbpp)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return do_io_submit(ctx_id, nr, iocbpp, 0);
- }
- @@ -1670,6 +1683,9 @@
- u32 key;
- int ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- ret = get_user(key, &iocb->aio_key);
- if (unlikely(ret))
- return -EFAULT;
- @@ -1720,9 +1736,13 @@
- struct io_event __user *, events,
- struct timespec __user *, timeout)
- {
- - struct kioctx *ioctx = lookup_ioctx(ctx_id);
- + struct kioctx *ioctx;
- long ret = -EINVAL;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + ioctx = lookup_ioctx(ctx_id);
- if (likely(ioctx)) {
- if (likely(min_nr <= nr && min_nr >= 0))
- ret = read_events(ioctx, min_nr, nr, events, timeout);
- diff -aur linux-4.2/fs/buffer.c linux-4.2.tsarn1/fs/buffer.c
- --- linux-4.2/fs/buffer.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/buffer.c 2016-02-08 16:51:12.657892404 +0300
- @@ -3294,6 +3294,9 @@
- {
- static int msg_count;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
- Only in linux-4.2.tsarn1/fs: buffer.c.orig
- diff -aur linux-4.2/fs/compat.c linux-4.2.tsarn1/fs/compat.c
- --- linux-4.2/fs/compat.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/compat.c 2016-02-08 16:51:12.657892404 +0300
- @@ -77,6 +77,11 @@
- {
- struct timespec tv[2];
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (t) {
- if (get_user(tv[0].tv_sec, &t->actime) ||
- get_user(tv[1].tv_sec, &t->modtime))
- @@ -91,6 +96,11 @@
- {
- struct timespec tv[2];
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (t) {
- if (compat_get_timespec(&tv[0], &t[0]) ||
- compat_get_timespec(&tv[1], &t[1]))
- @@ -106,6 +116,11 @@
- {
- struct timespec tv[2];
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (t) {
- if (get_user(tv[0].tv_sec, &t[0].tv_sec) ||
- get_user(tv[0].tv_nsec, &t[0].tv_usec) ||
- @@ -159,12 +174,25 @@
- return copy_to_user(ubuf, &tmp, sizeof(tmp)) ? -EFAULT : 0;
- }
- +int cher_patch_is_secure_path(const char*);
- +
- COMPAT_SYSCALL_DEFINE2(newstat, const char __user *, filename,
- struct compat_stat __user *, statbuf)
- {
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + struct filename *tmp = getname(filename);
- + if (IS_ERR(tmp)) return -EINVAL;
- + if (cher_patch_is_secure_path(tmp->name) < 0) {
- + putname(tmp);
- + return -EPERM;
- + }
- + if (!strncmp(tmp->name, "/SANDBOX/", 9)) filename += 9;
- + putname(tmp);
- + }
- +
- error = vfs_stat(filename, &stat);
- if (error)
- return error;
- @@ -177,6 +205,17 @@
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + struct filename *tmp = getname(filename);
- + if (IS_ERR(tmp)) return -EINVAL;
- + if (cher_patch_is_secure_path(tmp->name) < 0) {
- + putname(tmp);
- + return -EPERM;
- + }
- + if (!strncmp(tmp->name, "/SANDBOX/", 9)) filename += 9;
- + putname(tmp);
- + }
- +
- error = vfs_lstat(filename, &stat);
- if (error)
- return error;
- @@ -191,6 +230,9 @@
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- error = vfs_fstatat(dfd, filename, &stat, flag);
- if (error)
- return error;
- @@ -250,7 +292,12 @@
- COMPAT_SYSCALL_DEFINE2(statfs, const char __user *, pathname, struct compat_statfs __user *, buf)
- {
- struct kstatfs tmp;
- - int error = user_statfs(pathname, &tmp);
- + int error;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + error = user_statfs(pathname, &tmp);
- if (!error)
- error = put_compat_statfs(buf, &tmp);
- return error;
- @@ -259,7 +306,12 @@
- COMPAT_SYSCALL_DEFINE2(fstatfs, unsigned int, fd, struct compat_statfs __user *, buf)
- {
- struct kstatfs tmp;
- - int error = fd_statfs(fd, &tmp);
- + int error;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + error = fd_statfs(fd, &tmp);
- if (!error)
- error = put_compat_statfs(buf, &tmp);
- return error;
- @@ -303,6 +355,9 @@
- struct kstatfs tmp;
- int error;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (sz != sizeof(*buf))
- return -EINVAL;
- @@ -317,6 +372,9 @@
- struct kstatfs tmp;
- int error;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (sz != sizeof(*buf))
- return -EINVAL;
- @@ -335,7 +393,12 @@
- {
- struct compat_ustat tmp;
- struct kstatfs sbuf;
- - int err = vfs_ustat(new_decode_dev(dev), &sbuf);
- + int err;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + err = vfs_ustat(new_decode_dev(dev), &sbuf);
- if (err)
- return err;
- @@ -422,6 +485,9 @@
- long ret;
- unsigned int conv_cmd;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- switch (cmd) {
- case F_GETLK:
- case F_SETLK:
- @@ -506,6 +572,9 @@
- long ret;
- aio_context_t ctx64;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- mm_segment_t oldfs = get_fs();
- if (unlikely(get_user(ctx64, ctx32p)))
- return -EFAULT;
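Review bot: The guard is inserted between the declarations and `mm_segment_t oldfs = get_fs();`, which turns that line into a declaration after a statement; the kernel builds with -Wdeclaration-after-statement, so this hunk will warn. Move the three added lines below the `oldfs` declaration, or split it into `mm_segment_t oldfs;` above the guard and `oldfs = get_fs();` after it. The enclosing compat io_setup function starts above the hunk.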
- @@ -529,6 +598,9 @@
- struct timespec t;
- struct timespec __user *ut = NULL;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (timeout) {
- if (compat_get_timespec(&t, timeout))
- return -EFAULT;
- @@ -639,6 +711,9 @@
- struct iocb __user * __user *iocb64;
- long ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (unlikely(nr < 0))
- return -EINVAL;
- @@ -796,6 +871,11 @@
- char *kernel_dev;
- int retval;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- kernel_type = copy_mount_string(type);
- retval = PTR_ERR(kernel_type);
- if (IS_ERR(kernel_type))
- @@ -1098,6 +1178,10 @@
- */
- COMPAT_SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, umode_t, mode)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- return do_sys_open(dfd, filename, flags, mode);
- }
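Review bot: The compat openat denies every open outright, while native `do_sys_open` in the fs/open.c hunk admits allowlisted paths through `cher_check_user_path`; the same split exists between compat fstatat and sys32 fstatat64 (plain -EPERM) and fs/stat.c newfstatat (path check). If 32-bit callers are meant to be unsupported inside the sandbox, a comment at this site saying so would stop the two policies being read as a bug; otherwise let `do_sys_open` apply its own check, as the native path does, rather than short-circuiting here. This hunk also calls `SBOX_SET_SECURITY_ERR()` where `do_sys_open` does not, so the two paths flag differently for the same request.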
- @@ -1476,6 +1560,11 @@
- COMPAT_SYSCALL_DEFINE3(open_by_handle_at, int, mountdirfd,
- struct file_handle __user *, handle, int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return do_handle_open(mountdirfd, handle, flags);
- }
- #endif
- diff -aur linux-4.2/fs/compat_ioctl.c linux-4.2.tsarn1/fs/compat_ioctl.c
- --- linux-4.2/fs/compat_ioctl.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/compat_ioctl.c 2016-02-08 16:51:12.657892404 +0300
- @@ -1550,6 +1550,11 @@
- if (!f.file)
- goto out;
- + if (SBOX_IS_RESTRICTED() && cmd != FIOCLEX && cmd != FIONCLEX) {
- + error = -EPERM;
- + goto out_fput;
- + }
- +
- /* RED-PEN how should LSM module know it's handling 32bit? */
- error = security_file_ioctl(f.file, cmd, arg);
- if (error)
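Review bot: The `cmd != FIOCLEX && cmd != FIONCLEX` allowlist is spelled out here and again in the fs/ioctl.c hunk (there as `fdput(f); return -EPERM;`); two copies of a security allowlist will drift when one is amended. A single `static inline bool sbox_ioctl_allowed(unsigned int cmd)` in a shared header, called from both sites, keeps the policy in one place. The `out_fput` and `out` labels this hunk jumps to lie outside it.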
- Only in linux-4.2.tsarn1/fs: compat_ioctl.c.orig
- diff -aur linux-4.2/fs/dcache.c linux-4.2.tsarn1/fs/dcache.c
- --- linux-4.2/fs/dcache.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/dcache.c 2016-02-08 16:51:12.657892404 +0300
- @@ -3242,8 +3242,14 @@
- {
- int error;
- struct path pwd, root;
- - char *page = __getname();
- + char *page = 0;
- + if (SBOX_IS_RESTRICTED()) {
- + copy_to_user(buf, "/SANDBOX", 9);
- + return 9;
- + }
- +
- + page = __getname();
- if (!page)
- return -ENOMEM;
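Review bot: The new `copy_to_user(buf, "/SANDBOX", 9)` ignores both its return value and the caller's buffer length, so a too-short or faulting buffer still gets `return 9`, where the function otherwise reports -ERANGE for a result that does not fit and -EFAULT for a failed copy. Replace the two added lines with `if (size < 9) return -ERANGE;` / `if (copy_to_user(buf, "/SANDBOX", 9)) return -EFAULT;` / `return 9;` (the length parameter is named `size` in mainline's sys_getcwd; its signature is outside the hunk). `char *page = 0;` should be `NULL`, or the pointer can simply stay uninitialized until the `page = __getname();` that follows.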
- Only in linux-4.2.tsarn1/fs: dcache.c.orig
- diff -aur linux-4.2/fs/dcookies.c linux-4.2.tsarn1/fs/dcookies.c
- --- linux-4.2/fs/dcookies.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/dcookies.c 2016-02-08 16:51:12.657892404 +0300
- @@ -155,6 +155,11 @@
- size_t pathlen;
- struct dcookie_struct * dcs;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /* we could leak path information to users
- * without dir read permission without this
- */
- diff -aur linux-4.2/fs/eventfd.c linux-4.2.tsarn1/fs/eventfd.c
- --- linux-4.2/fs/eventfd.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/eventfd.c 2016-02-08 16:51:12.657892404 +0300
- @@ -422,6 +422,9 @@
- int fd, error;
- struct file *file;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- error = get_unused_fd_flags(flags & EFD_SHARED_FCNTL_FLAGS);
- if (error < 0)
- return error;
- diff -aur linux-4.2/fs/eventpoll.c linux-4.2.tsarn1/fs/eventpoll.c
- --- linux-4.2/fs/eventpoll.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/eventpoll.c 2016-02-08 16:51:12.657892404 +0300
- @@ -1767,6 +1767,9 @@
- struct eventpoll *ep = NULL;
- struct file *file;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /* Check the EPOLL_* constant for consistency. */
- BUILD_BUG_ON(EPOLL_CLOEXEC != O_CLOEXEC);
- @@ -1828,6 +1831,9 @@
- struct epoll_event epds;
- struct eventpoll *tep = NULL;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- error = -EFAULT;
- if (ep_op_has_event(op) &&
- copy_from_user(&epds, event, sizeof(struct epoll_event)))
- @@ -1965,6 +1971,9 @@
- struct fd f;
- struct eventpoll *ep;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /* The maximum number of event must be greater than zero */
- if (maxevents <= 0 || maxevents > EP_MAX_EVENTS)
- return -EINVAL;
- @@ -2011,6 +2020,9 @@
- int error;
- sigset_t ksigmask, sigsaved;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /*
- * If the caller wants a certain signal mask to be set during the wait,
- * we apply it here.
- diff -aur linux-4.2/fs/exec.c linux-4.2.tsarn1/fs/exec.c
- --- linux-4.2/fs/exec.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/exec.c 2016-02-08 16:51:12.661225775 +0300
- @@ -121,6 +121,11 @@
- if (IS_ERR(tmp))
- goto out;
- + if (SBOX_IS_RESTRICTED()) {
- + putname(tmp);
- + return -EPERM;
- + }
- +
- file = do_filp_open(AT_FDCWD, tmp, &uselib_flags);
- putname(tmp);
- error = PTR_ERR(file);
- @@ -1486,6 +1491,15 @@
- struct files_struct *displaced;
- int retval;
- + if (SBOX_IS_RESTRICTED() && fd != AT_FDCWD) {
- + retval = -EPERM;
- + goto out_ret;
- + }
- + if ((current->sbox_flags & SBOX_NO_EXEC)) {
- + SBOX_SET_SECURITY_ERR();
- + goto out_ret;
- + }
- +
- if (IS_ERR(filename))
- return PTR_ERR(filename);
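Review bot: Both new guards run before the `if (IS_ERR(filename))` test and jump to `out_ret`, which in this function (outside the hunk) is where mainline calls `putname(filename)`, so an ERR_PTR handed in by the caller's getname would reach putname. The second guard also jumps with `retval` still uninitialized, so the SBOX_NO_EXEC path returns an indeterminate value to userspace. Move both checks below the IS_ERR test and add `retval = -EPERM;` before the second `goto out_ret;`. do_execveat_common continues well past the hunk.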
- @@ -1595,6 +1609,9 @@
- putname(filename);
- if (displaced)
- put_files_struct(displaced);
- + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) {
- + current->sbox_flags |= SBOX_NO_EXEC;
- + }
- return retval;
- out:
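Review bot: The new `SBOX_NO_EXEC` assignment sits just before the `return retval` that precedes the `out:` label, i.e. on the success path only, so a failed exec leaves the flag untouched and the intended rule is implicit. Nothing in the patch states what `SBOX_NO_SYSCALLS` implying no further exec is meant to achieve; a comment such as `/* SBOX_NO_SYSCALLS: once the sandboxed image is running, refuse any further exec */` (adjusted to the real intent) would let this line and the `out_ret` guard above be checked against one rule. The error labels of the function lie outside the hunk.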
- diff -aur linux-4.2/fs/fcntl.c linux-4.2.tsarn1/fs/fcntl.c
- --- linux-4.2/fs/fcntl.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/fcntl.c 2016-02-08 16:51:12.661225775 +0300
- @@ -361,6 +361,11 @@
- if (!f.file)
- goto out;
- + if (SBOX_IS_RESTRICTED() && !check_fcntl_cmd(cmd)) {
- + err = -EPERM;
- + goto out1;
- + }
- +
- if (unlikely(f.file->f_mode & FMODE_PATH)) {
- if (!check_fcntl_cmd(cmd))
- goto out1;
- @@ -386,6 +391,11 @@
- if (!f.file)
- goto out;
- + if (SBOX_IS_RESTRICTED() && !check_fcntl_cmd(cmd)) {
- + err = -EPERM;
- + goto out1;
- + }
- +
- if (unlikely(f.file->f_mode & FMODE_PATH)) {
- if (!check_fcntl_cmd(cmd))
- goto out1;
- diff -aur linux-4.2/fs/fhandle.c linux-4.2.tsarn1/fs/fhandle.c
- --- linux-4.2/fs/fhandle.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/fhandle.c 2016-02-08 16:51:12.661225775 +0300
- @@ -97,6 +97,11 @@
- int lookup_flags;
- int err;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if ((flag & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
- return -EINVAL;
- @@ -258,6 +263,11 @@
- {
- long ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (force_o_largefile())
- flags |= O_LARGEFILE;
- diff -aur linux-4.2/fs/filesystems.c linux-4.2.tsarn1/fs/filesystems.c
- --- linux-4.2/fs/filesystems.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/filesystems.c 2016-02-08 16:51:12.661225775 +0300
- @@ -185,6 +185,11 @@
- {
- int retval = -EINVAL;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- switch (option) {
- case 1:
- retval = fs_index((const char __user *) arg1);
- diff -aur linux-4.2/fs/ioctl.c linux-4.2.tsarn1/fs/ioctl.c
- --- linux-4.2/fs/ioctl.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/ioctl.c 2016-02-08 16:51:12.661225775 +0300
- @@ -617,6 +617,12 @@
- if (!f.file)
- return -EBADF;
- +
- + if (SBOX_IS_RESTRICTED() && cmd != FIOCLEX && cmd != FIONCLEX) {
- + fdput(f);
- + return -EPERM;
- + }
- +
- error = security_file_ioctl(f.file, cmd, arg);
- if (!error)
- error = do_vfs_ioctl(f.file, fd, cmd, arg);
- diff -aur linux-4.2/fs/locks.c linux-4.2.tsarn1/fs/locks.c
- --- linux-4.2/fs/locks.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/locks.c 2016-02-08 16:51:12.661225775 +0300
- @@ -1904,6 +1904,11 @@
- if (!f.file)
- goto out;
- + if (SBOX_IS_RESTRICTED()) {
- + fdput(f);
- + return -EPERM;
- + }
- +
- can_sleep = !(cmd & LOCK_NB);
- cmd &= ~LOCK_NB;
- unlock = (cmd == LOCK_UN);
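Review bot: The guard does `fdput(f); return -EPERM;` inline, whereas the rest of sys_flock (outside the hunk) releases the fd through its cleanup labels; if the `out_putf` label is present as in mainline 4.2, `error = -EPERM; goto out_putf;` follows the function's own style and cannot miss a cleanup step added later. The function body continues past the hunk.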
- diff -aur linux-4.2/fs/namei.c linux-4.2.tsarn1/fs/namei.c
- --- linux-4.2/fs/namei.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/namei.c 2016-02-08 16:51:12.661225775 +0300
- @@ -3518,6 +3518,11 @@
- int error;
- unsigned int lookup_flags = 0;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- error = may_mknod(mode);
- if (error)
- return error;
- @@ -3590,6 +3595,11 @@
- int error;
- unsigned int lookup_flags = LOOKUP_DIRECTORY;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- retry:
- dentry = user_path_create(dfd, pathname, &path, lookup_flags);
- if (IS_ERR(dentry))
- @@ -3738,6 +3748,9 @@
- SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- return do_rmdir(AT_FDCWD, pathname);
- }
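Review bot: `if (SBOX_IS_RESTRICTED()) { return -EPERM; }` braces a single statement, which kernel coding style avoids, while other hunks in this patch write the same guard as two unbraced lines (fs/aio.c, fs/eventfd.c). The same applies to the unlinkat, unlink, symlinkat, linkat and renameat2 hunks below, to sys32 fstatat64 in sys_ia32.c and to io_destroy in fs/aio.c. Settling on one form, `if (SBOX_IS_RESTRICTED())` / `return -EPERM;`, across the patch makes every guard greppable as a single pattern.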
- @@ -3880,6 +3893,10 @@
- SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- if ((flag & ~AT_REMOVEDIR) != 0)
- return -EINVAL;
- @@ -3891,6 +3908,10 @@
- SYSCALL_DEFINE1(unlink, const char __user *, pathname)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- return do_unlinkat(AT_FDCWD, pathname);
- }
- @@ -3924,6 +3945,10 @@
- struct path path;
- unsigned int lookup_flags = 0;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- from = getname(oldname);
- if (IS_ERR(from))
- return PTR_ERR(from);
- @@ -4042,6 +4067,10 @@
- int how = 0;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
- return -EINVAL;
- /*
- @@ -4301,6 +4330,10 @@
- bool should_retry = false;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
- return -EINVAL;
- Only in linux-4.2.tsarn1/fs: namei.c.orig
- diff -aur linux-4.2/fs/namespace.c linux-4.2.tsarn1/fs/namespace.c
- --- linux-4.2/fs/namespace.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/namespace.c 2016-02-08 16:51:12.661225775 +0300
- @@ -1599,6 +1599,11 @@
- int retval;
- int lookup_flags = 0;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))
- return -EINVAL;
- @@ -2898,6 +2903,11 @@
- char *kernel_dev;
- unsigned long data_page;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- kernel_type = copy_mount_string(type);
- ret = PTR_ERR(kernel_type);
- if (IS_ERR(kernel_type))
- @@ -2982,6 +2992,11 @@
- struct mountpoint *old_mp, *root_mp;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!may_mount())
- return -EPERM;
- Only in linux-4.2.tsarn1/fs: namespace.c.orig
- diff -aur linux-4.2/fs/notify/fanotify/fanotify_user.c linux-4.2.tsarn1/fs/notify/fanotify/fanotify_user.c
- --- linux-4.2/fs/notify/fanotify/fanotify_user.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/notify/fanotify/fanotify_user.c 2016-02-08 16:51:12.664559148 +0300
- @@ -694,6 +694,9 @@
- struct user_struct *user;
- struct fanotify_event_info *oevent;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- pr_debug("%s: flags=%d event_f_flags=%d\n",
- __func__, flags, event_f_flags);
- @@ -808,6 +811,9 @@
- struct path path;
- int ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- pr_debug("%s: fanotify_fd=%d flags=%x dfd=%d pathname=%p mask=%llx\n",
- __func__, fanotify_fd, flags, dfd, pathname, mask);
- diff -aur linux-4.2/fs/notify/inotify/inotify_user.c linux-4.2.tsarn1/fs/notify/inotify/inotify_user.c
- --- linux-4.2/fs/notify/inotify/inotify_user.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/notify/inotify/inotify_user.c 2016-02-08 16:51:12.664559148 +0300
- @@ -671,6 +671,9 @@
- struct fsnotify_group *group;
- int ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /* Check the IN_* constants for consistency. */
- BUILD_BUG_ON(IN_CLOEXEC != O_CLOEXEC);
- BUILD_BUG_ON(IN_NONBLOCK != O_NONBLOCK);
- @@ -706,6 +709,9 @@
- int ret;
- unsigned flags = 0;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /* don't allow invalid bits: we don't want flags set */
- if (unlikely(!(mask & ALL_INOTIFY_BITS)))
- return -EINVAL;
- @@ -748,6 +754,9 @@
- struct fd f;
- int ret = 0;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- f = fdget(fd);
- if (unlikely(!f.file))
- return -EBADF;
- diff -aur linux-4.2/fs/open.c linux-4.2.tsarn1/fs/open.c
- --- linux-4.2/fs/open.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/open.c 2016-02-08 16:51:12.664559148 +0300
- @@ -34,6 +34,54 @@
- #include "internal.h"
- +static const char * const secure_paths[] =
- +{
- + "/lib/", "/lib32/", "/lib64/",
- + "/usr/lib/", "/usr/lib32/", "/usr/lib64/",
- + "/usr/include/", "/usr/libexec/",
- + "/usr/local/lib/", "/usr/local/lib32/", "/usr/local/lib64/",
- + "/usr/local/include/", "/usr/local/libexec/",
- + "/bin/", "/usr/bin/", "/usr/local/bin/",
- + "/usr/share/", "/usr/local/share/", "/dev/urandom", "/dev/zero", "/dev/null",
- + "/SANDBOX/",
- + NULL
- +};
- +
- +int cher_patch_is_secure_path(const char *path)
- +{
- + const char *s;
- + int i;
- +
- + if (strstr(path, ".."))
- + return -1;
- + for (i = 0; secure_paths[i] && strncmp(path, secure_paths[i], strlen(secure_paths[i])); ++i);
- + if (secure_paths[i]) {
- + return 0;
- + }
- +
- + if (!strncmp(path, "/SANDBOX/", 9)) path += 9;
- + s = path;
- + while (s[0] == '.' && s[1] == '/') s += 2;
- + for (; *s && *s != '/'; s++);
- + if (*s == '/') return -1;
- + return 0;
- +}
- +
- +int cher_check_user_path(int dfd, const char __user **p_path)
- +{
- + struct filename *tmp = NULL;
- + if (dfd != AT_FDCWD) return -EPERM;
- + tmp = getname(*p_path);
- + if (IS_ERR(tmp)) return -EINVAL;
- + if (cher_patch_is_secure_path(tmp->name) < 0) {
- + putname(tmp);
- + return -EPERM;
- + }
- + if (!strncmp("/SANDBOX/", tmp->name, 9)) *p_path += 9;
- + putname(tmp);
- + return 0;
- +}
- +
- int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
- struct file *filp)
- {
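Review bot: `cher_patch_is_secure_path` matches every `secure_paths` entry as a prefix, so the entries that name files rather than directories (`/dev/urandom`, `/dev/zero`, `/dev/null`) also accept any longer name beginning with those bytes; entries ending in '/' should be directory prefixes and the rest should be compared in full, as in the rewrite below. Beyond that the check is purely lexical: it sees neither symlinks and bind mounts nor where a bare relative name resolves from the current directory, so it should be documented as a filter in front of, not a replacement for, enforcement at path resolution (an LSM path hook or a lookup confined to the sandbox root). In `cher_check_user_path`, `if (IS_ERR(tmp)) return -EINVAL;` drops getname's own code; `return PTR_ERR(tmp);` is the usual form, and the `*p_path += 9` refetch problem raised at the sys_ia32.c stat64 hunk applies here too. Both functions are exported across files without a header comment; one stating the contract (0 when allowed, negative otherwise; `/SANDBOX/` is stripped by advancing the caller's pointer) would help.
```c
int cher_patch_is_secure_path(const char *path)
{
	const char *s;
	int i;

	if (strstr(path, ".."))
		return -1;
	for (i = 0; secure_paths[i]; ++i) {
		size_t len = strlen(secure_paths[i]);

		/* trailing '/' marks a directory prefix; anything else must match exactly */
		if (secure_paths[i][len - 1] == '/' ? !strncmp(path, secure_paths[i], len)
						    : !strcmp(path, secure_paths[i]))
			return 0;
	}
	/* … unchanged: "/SANDBOX/" strip and single-component check … */
}
```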
- @@ -141,12 +189,18 @@
- SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return do_sys_truncate(path, length);
- }
- #ifdef CONFIG_COMPAT
- COMPAT_SYSCALL_DEFINE2(truncate, const char __user *, path, compat_off_t, length)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return do_sys_truncate(path, length);
- }
- #endif
- @@ -214,11 +268,17 @@
- #if BITS_PER_LONG == 32
- SYSCALL_DEFINE2(truncate64, const char __user *, path, loff_t, length)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return do_sys_truncate(path, length);
- }
- SYSCALL_DEFINE2(ftruncate64, unsigned int, fd, loff_t, length)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return do_sys_ftruncate(fd, length, 0);
- }
- #endif /* BITS_PER_LONG == 32 */
- @@ -319,9 +379,13 @@
- SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
- {
- - struct fd f = fdget(fd);
- + struct fd f;
- int error = -EBADF;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + f = fdget(fd);
- if (f.file) {
- error = vfs_fallocate(f.file, mode, offset, len);
- fdput(f);
- @@ -343,6 +407,11 @@
- int res;
- unsigned int lookup_flags = LOOKUP_FOLLOW;
- + if (SBOX_IS_RESTRICTED()) {
- + res = cher_check_user_path(dfd, &filename);
- + if (res < 0) return res;
- + }
- +
- if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
- return -EINVAL;
- @@ -420,6 +489,10 @@
- struct path path;
- int error;
- unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- retry:
- error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
- if (error)
- @@ -451,6 +524,11 @@
- if (!f.file)
- goto out;
- + if (SBOX_IS_RESTRICTED()) {
- + error = -EPERM;
- + goto out_putf;
- + }
- +
- inode = file_inode(f.file);
- error = -ENOTDIR;
- @@ -471,6 +549,12 @@
- struct path path;
- int error;
- unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
- +
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- retry:
- error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
- if (error)
- @@ -530,9 +614,15 @@
- SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
- {
- - struct fd f = fdget(fd);
- + struct fd f;
- int err = -EBADF;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + f = fdget(fd);
- if (f.file) {
- audit_file(f.file);
- err = chmod_common(&f.file->f_path, mode);
- @@ -546,6 +636,12 @@
- struct path path;
- int error;
- unsigned int lookup_flags = LOOKUP_FOLLOW;
- +
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- retry:
- error = user_path_at(dfd, filename, lookup_flags, &path);
- if (!error) {
- @@ -613,6 +709,11 @@
- int error = -EINVAL;
- int lookup_flags;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
- goto out;
- @@ -657,6 +758,12 @@
- if (!f.file)
- goto out;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + error = -EPERM;
- + goto out_fput;
- + }
- +
- error = mnt_want_write_file(f.file);
- if (error)
- goto out_fput;
- @@ -1010,9 +1117,16 @@
- long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
- {
- struct open_flags op;
- - int fd = build_open_flags(flags, mode, &op);
- + int fd = 0;
- struct filename *tmp;
- + if (SBOX_IS_RESTRICTED()) {
- + int res = cher_check_user_path(dfd, &filename);
- + if (res < 0) return res;
- + flags &= ~(O_CREAT | O_EXCL);
- + }
- +
- + fd = build_open_flags(flags, mode, &op);
- if (fd)
- return fd;
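Review bot: The new mask clears `O_CREAT | O_EXCL` but leaves `O_TRUNC` and the access mode untouched, while `truncate`, `truncate64` and `ftruncate64` in this same file return -EPERM under the same restriction; whether in-place writes and truncation through open(2) are meant to stay possible is not stated. Either mask `O_TRUNC` as well, or record the intent, e.g. `/* sandbox: no new files; existing files stay writable under DAC - keep in step with the truncate hooks */`. Silently rewriting the caller's flags also changes what the caller observes (an O_CREAT|O_EXCL request that "succeeds" on an existing file); returning -EPERM when O_CREAT is requested is the more usual shape for a deny. The rest of do_sys_open is outside the hunk.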
- @@ -1117,6 +1231,9 @@
- */
- SYSCALL_DEFINE0(vhangup)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (capable(CAP_SYS_TTY_CONFIG)) {
- tty_vhangup_self();
- return 0;
- Only in linux-4.2.tsarn1/fs: open.c.orig
- diff -aur linux-4.2/fs/pipe.c linux-4.2.tsarn1/fs/pipe.c
- --- linux-4.2/fs/pipe.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/pipe.c 2016-02-08 16:51:12.664559148 +0300
- @@ -780,6 +780,11 @@
- int fd[2];
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- error = __do_pipe_flags(fd, files, flags);
- if (!error) {
- if (unlikely(copy_to_user(fildes, fd, sizeof(fd)))) {
- diff -aur linux-4.2/fs/proc/base.c linux-4.2.tsarn1/fs/proc/base.c
- --- linux-4.2/fs/proc/base.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/proc/base.c 2016-02-08 16:53:55.973135133 +0300
- @@ -613,6 +613,7 @@
- [RLIMIT_NICE] = {"Max nice priority", NULL},
- [RLIMIT_RTPRIO] = {"Max realtime priority", NULL},
- [RLIMIT_RTTIME] = {"Max realtime timeout", "us"},
- + [RLIMIT_MCPU] = {"Max cpu time", "ms"}
- };
- /* Display limits for a process */
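Review bot: The new `[RLIMIT_MCPU]` entry reuses the label `"Max cpu time"`, which this table already uses for RLIMIT_CPU (unit "seconds") in mainline, so /proc/PID/limits would print two rows with the same name told apart only by their unit; a distinct label, e.g. `[RLIMIT_MCPU] = {"Max cpu time (ms)", "ms"},` (constructed), avoids that and adds the trailing comma the other entries carry. The definition of RLIMIT_MCPU and any change to RLIM_NLIMITS, which sizes this table, are not in this diff and must land with it.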
- diff -aur linux-4.2/fs/quota/compat.c linux-4.2.tsarn1/fs/quota/compat.c
- --- linux-4.2/fs/quota/compat.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/quota/compat.c 2016-02-08 16:51:12.664559148 +0300
- @@ -52,6 +52,11 @@
- u16 xdata;
- long ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- cmds = cmd >> SUBCMDSHIFT;
- switch (cmds) {
- diff -aur linux-4.2/fs/quota/quota.c linux-4.2.tsarn1/fs/quota/quota.c
- --- linux-4.2/fs/quota/quota.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/quota/quota.c 2016-02-08 16:51:12.664559148 +0300
- @@ -765,6 +765,11 @@
- struct path path, *pathp = NULL;
- int ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- cmds = cmd >> SUBCMDSHIFT;
- type = cmd & SUBCMDMASK;
- diff -aur linux-4.2/fs/read_write.c linux-4.2.tsarn1/fs/read_write.c
- --- linux-4.2/fs/read_write.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/read_write.c 2016-02-08 16:51:12.664559148 +0300
- @@ -597,6 +597,9 @@
- struct fd f;
- ssize_t ret = -EBADF;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (pos < 0)
- return -EINVAL;
- @@ -617,6 +620,9 @@
- struct fd f;
- ssize_t ret = -EBADF;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (pos < 0)
- return -EINVAL;
- @@ -902,6 +908,9 @@
- struct fd f;
- ssize_t ret = -EBADF;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (pos < 0)
- return -EINVAL;
- @@ -926,6 +935,9 @@
- struct fd f;
- ssize_t ret = -EBADF;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (pos < 0)
- return -EINVAL;
- @@ -1044,6 +1056,9 @@
- struct fd f;
- ssize_t ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (pos < 0)
- return -EINVAL;
- f = fdget(fd);
- @@ -1121,6 +1136,9 @@
- struct fd f;
- ssize_t ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (pos < 0)
- return -EINVAL;
- f = fdget(fd);
- diff -aur linux-4.2/fs/signalfd.c linux-4.2.tsarn1/fs/signalfd.c
- --- linux-4.2/fs/signalfd.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/signalfd.c 2016-02-08 16:51:12.664559148 +0300
- @@ -258,6 +258,9 @@
- sigset_t sigmask;
- struct signalfd_ctx *ctx;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /* Check the SFD_* constants for consistency. */
- BUILD_BUG_ON(SFD_CLOEXEC != O_CLOEXEC);
- BUILD_BUG_ON(SFD_NONBLOCK != O_NONBLOCK);
- @@ -322,6 +325,9 @@
- sigset_t tmp;
- sigset_t __user *ksigmask;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (sigsetsize != sizeof(compat_sigset_t))
- return -EINVAL;
- if (copy_from_user(&ss32, sigmask, sizeof(ss32)))
- diff -aur linux-4.2/fs/splice.c linux-4.2.tsarn1/fs/splice.c
- --- linux-4.2/fs/splice.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/splice.c 2016-02-08 16:51:12.664559148 +0300
- @@ -1635,6 +1635,9 @@
- struct fd f;
- long error;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (unlikely(nr_segs > UIO_MAXIOV))
- return -EINVAL;
- else if (unlikely(!nr_segs))
- @@ -1660,6 +1663,10 @@
- {
- unsigned i;
- struct iovec __user *iov;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (nr_segs > UIO_MAXIOV)
- return -EINVAL;
- iov = compat_alloc_user_space(nr_segs * sizeof(struct iovec));
- @@ -1682,6 +1689,9 @@
- struct fd in, out;
- long error;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (unlikely(!len))
- return 0;
- @@ -2013,6 +2023,9 @@
- struct fd in;
- int error;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (unlikely(!len))
- return 0;
- Only in linux-4.2.tsarn1/fs: splice.c.orig
- diff -aur linux-4.2/fs/stat.c linux-4.2.tsarn1/fs/stat.c
- --- linux-4.2/fs/stat.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/stat.c 2016-02-08 16:51:12.667892520 +0300
- @@ -18,6 +18,8 @@
- #include <asm/uaccess.h>
- #include <asm/unistd.h>
- +int cher_check_user_path(int dfd, const char __user **p_path);
- +
- void generic_fillattr(struct inode *inode, struct kstat *stat)
- {
- stat->dev = inode->i_sb->s_dev;
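Review bot: `cher_check_user_path` is declared ad hoc in this .c file instead of in a header shared with its definition, so a later change to the helper's signature would not be caught at compile time; move the prototype to a header that both the definition and every caller include. The declaration also deserves a one-line comment stating its contract, since all of the fs/stat.c callers depend on it: `/* Sandbox path policy: may rewrite *p_path; returns a negative errno to deny. */` (inferred from the `const char __user **` parameter and the `if (error < 0) return error;` call sites). The `cher_` prefix is also at odds with the `SBOX_`/`sbox_` naming used by the rest of the patch.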
- @@ -180,6 +182,11 @@
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(AT_FDCWD, &filename);
- + if (error < 0) return error;
- + }
- +
- error = vfs_stat(filename, &stat);
- if (error)
- return error;
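Review bot: The sandbox decision at the top of this hunk is made on the user-supplied string, while `vfs_stat(filename, &stat)` on the next line fetches and resolves that path a second time, so the path that was checked and the path that is looked up are not guaranteed to be the same object — the lookup also follows symlinks and resolves `..`/relative components that a string check cannot see. A more robust design makes the decision on the resolved `struct path` (inside the lookup or via a security hook), or at least hands the kernel copy obtained by the helper to the lookup rather than re-reading from user memory. The body of `cher_check_user_path` is not in this diff, so this is inferred from its signature and the call pattern; the same pattern appears in the other fs/stat.c hunks (`@@ -193`, `@@ -267`, `@@ -280`, `@@ -294`, `@@ -320`, `@@ -401`, `@@ -413`, `@@ -438`). The enclosing syscall's signature is outside the hunk.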
- @@ -193,6 +200,11 @@
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(AT_FDCWD, &filename);
- + if (error < 0) return error;
- + }
- +
- error = vfs_lstat(filename, &stat);
- if (error)
- return error;
- @@ -267,8 +279,14 @@
- struct stat __user *, statbuf)
- {
- struct kstat stat;
- - int error = vfs_stat(filename, &stat);
- + int error;
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(AT_FDCWD, &filename);
- + if (error < 0) return error;
- + }
- +
- + error = vfs_stat(filename, &stat);
- if (error)
- return error;
- return cp_new_stat(&stat, statbuf);
- @@ -280,6 +298,11 @@
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(AT_FDCWD, &filename);
- + if (error < 0) return error;
- + }
- +
- error = vfs_lstat(filename, &stat);
- if (error)
- return error;
- @@ -294,6 +317,11 @@
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(dfd, &filename);
- + if (error < 0) return error;
- + }
- +
- error = vfs_fstatat(dfd, filename, &stat, flag);
- if (error)
- return error;
- @@ -320,6 +348,11 @@
- int empty = 0;
- unsigned int lookup_flags = LOOKUP_EMPTY;
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(dfd, &pathname);
- + if (error < 0) return error;
- + }
- +
- if (bufsiz <= 0)
- return -EINVAL;
- @@ -401,8 +434,14 @@
- struct stat64 __user *, statbuf)
- {
- struct kstat stat;
- - int error = vfs_stat(filename, &stat);
- + int error;
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(AT_FDCWD, &filename);
- + if (error < 0) return error;
- + }
- +
- + error = vfs_stat(filename, &stat);
- if (!error)
- error = cp_new_stat64(&stat, statbuf);
- @@ -413,8 +452,14 @@
- struct stat64 __user *, statbuf)
- {
- struct kstat stat;
- - int error = vfs_lstat(filename, &stat);
- + int error;
- +
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(AT_FDCWD, &filename);
- + if (error < 0) return error;
- + }
- + error = vfs_lstat(filename, &stat);
- if (!error)
- error = cp_new_stat64(&stat, statbuf);
- @@ -438,6 +483,11 @@
- struct kstat stat;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + error = cher_check_user_path(dfd, &filename);
- + if (error < 0) return error;
- + }
- +
- error = vfs_fstatat(dfd, filename, &stat, flag);
- if (error)
- return error;
- diff -aur linux-4.2/fs/statfs.c linux-4.2.tsarn1/fs/statfs.c
- --- linux-4.2/fs/statfs.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/statfs.c 2016-02-08 16:51:12.667892520 +0300
- @@ -172,7 +172,12 @@
- SYSCALL_DEFINE2(statfs, const char __user *, pathname, struct statfs __user *, buf)
- {
- struct kstatfs st;
- - int error = user_statfs(pathname, &st);
- + int error;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + error = user_statfs(pathname, &st);
- if (!error)
- error = do_statfs_native(&st, buf);
- return error;
- @@ -182,6 +187,10 @@
- {
- struct kstatfs st;
- int error;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (sz != sizeof(*buf))
- return -EINVAL;
- error = user_statfs(pathname, &st);
- @@ -193,7 +202,12 @@
- SYSCALL_DEFINE2(fstatfs, unsigned int, fd, struct statfs __user *, buf)
- {
- struct kstatfs st;
- - int error = fd_statfs(fd, &st);
- + int error;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + error = fd_statfs(fd, &st);
- if (!error)
- error = do_statfs_native(&st, buf);
- return error;
- @@ -204,6 +218,9 @@
- struct kstatfs st;
- int error;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (sz != sizeof(*buf))
- return -EINVAL;
- @@ -229,7 +246,12 @@
- {
- struct ustat tmp;
- struct kstatfs sbuf;
- - int err = vfs_ustat(new_decode_dev(dev), &sbuf);
- + int err;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + err = vfs_ustat(new_decode_dev(dev), &sbuf);
- if (err)
- return err;
- diff -aur linux-4.2/fs/sync.c linux-4.2.tsarn1/fs/sync.c
- --- linux-4.2/fs/sync.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/sync.c 2016-02-08 16:51:12.667892520 +0300
- @@ -103,6 +103,9 @@
- {
- int nowait = 0, wait = 1;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- wakeup_flusher_threads(0, WB_REASON_SYNC);
- iterate_supers(sync_inodes_one_sb, NULL);
- iterate_supers(sync_fs_one_sb, &nowait);
- @@ -148,10 +151,14 @@
- */
- SYSCALL_DEFINE1(syncfs, int, fd)
- {
- - struct fd f = fdget(fd);
- + struct fd f;
- struct super_block *sb;
- int ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + f = fdget(fd);
- if (!f.file)
- return -EBADF;
- sb = f.file->f_path.dentry->d_sb;
- @@ -219,11 +226,17 @@
- SYSCALL_DEFINE1(fsync, unsigned int, fd)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return do_fsync(fd, 0);
- }
- SYSCALL_DEFINE1(fdatasync, unsigned int, fd)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return do_fsync(fd, 1);
- }
- @@ -283,6 +296,9 @@
- loff_t endbyte; /* inclusive */
- umode_t i_mode;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- ret = -EINVAL;
- if (flags & ~VALID_FLAGS)
- goto out;
- diff -aur linux-4.2/fs/timerfd.c linux-4.2.tsarn1/fs/timerfd.c
- --- linux-4.2/fs/timerfd.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/timerfd.c 2016-02-08 16:51:12.667892520 +0300
- @@ -378,6 +378,9 @@
- int ufd;
- struct timerfd_ctx *ctx;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /* Check the TFD_* constants for consistency. */
- BUILD_BUG_ON(TFD_CLOEXEC != O_CLOEXEC);
- BUILD_BUG_ON(TFD_NONBLOCK != O_NONBLOCK);
- @@ -518,6 +521,9 @@
- struct itimerspec new, old;
- int ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (copy_from_user(&new, utmr, sizeof(new)))
- return -EFAULT;
- ret = do_timerfd_settime(ufd, flags, &new, &old);
- @@ -532,7 +538,12 @@
- SYSCALL_DEFINE2(timerfd_gettime, int, ufd, struct itimerspec __user *, otmr)
- {
- struct itimerspec kotmr;
- - int ret = do_timerfd_gettime(ufd, &kotmr);
- + int ret;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + ret = do_timerfd_gettime(ufd, &kotmr);
- if (ret)
- return ret;
- return copy_to_user(otmr, &kotmr, sizeof(kotmr)) ? -EFAULT: 0;
- @@ -546,6 +557,9 @@
- struct itimerspec new, old;
- int ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (get_compat_itimerspec(&new, utmr))
- return -EFAULT;
- ret = do_timerfd_settime(ufd, flags, &new, &old);
- @@ -560,7 +574,12 @@
- struct compat_itimerspec __user *, otmr)
- {
- struct itimerspec kotmr;
- - int ret = do_timerfd_gettime(ufd, &kotmr);
- + int ret;
- +
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- + ret = do_timerfd_gettime(ufd, &kotmr);
- if (ret)
- return ret;
- return put_compat_itimerspec(otmr, &kotmr) ? -EFAULT: 0;
- diff -aur linux-4.2/fs/utimes.c linux-4.2.tsarn1/fs/utimes.c
- --- linux-4.2/fs/utimes.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/utimes.c 2016-02-08 16:51:12.667892520 +0300
- @@ -28,6 +28,9 @@
- {
- struct timespec tv[2];
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (times) {
- if (get_user(tv[0].tv_sec, ×->actime) ||
- get_user(tv[1].tv_sec, ×->modtime))
- @@ -187,6 +190,9 @@
- {
- struct timespec tstimes[2];
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (utimes) {
- if (copy_from_user(&tstimes, utimes, sizeof(tstimes)))
- return -EFAULT;
- @@ -206,6 +212,9 @@
- struct timeval times[2];
- struct timespec tstimes[2];
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (utimes) {
- if (copy_from_user(×, utimes, sizeof(times)))
- return -EFAULT;
- diff -aur linux-4.2/fs/xattr.c linux-4.2.tsarn1/fs/xattr.c
- --- linux-4.2/fs/xattr.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/fs/xattr.c 2016-02-08 16:51:12.667892520 +0300
- @@ -391,6 +391,11 @@
- const char __user *, name, const void __user *, value,
- size_t, size, int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
- }
- @@ -398,15 +403,26 @@
- const char __user *, name, const void __user *, value,
- size_t, size, int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return path_setxattr(pathname, name, value, size, flags, 0);
- }
- SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
- const void __user *,value, size_t, size, int, flags)
- {
- - struct fd f = fdget(fd);
- + struct fd f;
- int error = -EBADF;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + f = fdget(fd);
- if (!f.file)
- return error;
- audit_file(f.file);
- @@ -490,21 +506,37 @@
- SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
- const char __user *, name, void __user *, value, size_t, size)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
- }
- SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
- const char __user *, name, void __user *, value, size_t, size)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return path_getxattr(pathname, name, value, size, 0);
- }
- SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
- void __user *, value, size_t, size)
- {
- - struct fd f = fdget(fd);
- + struct fd f;
- ssize_t error = -EBADF;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + f = fdget(fd);
- if (!f.file)
- return error;
- audit_file(f.file);
- @@ -572,20 +604,36 @@
- SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
- size_t, size)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
- }
- SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
- size_t, size)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return path_listxattr(pathname, list, size, 0);
- }
- SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
- {
- - struct fd f = fdget(fd);
- + struct fd f;
- ssize_t error = -EBADF;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + f = fdget(fd);
- if (!f.file)
- return error;
- audit_file(f.file);
- @@ -637,20 +685,36 @@
- SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
- const char __user *, name)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return path_removexattr(pathname, name, LOOKUP_FOLLOW);
- }
- SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
- const char __user *, name)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return path_removexattr(pathname, name, 0);
- }
- SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
- {
- - struct fd f = fdget(fd);
- + struct fd f;
- int error = -EBADF;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + f = fdget(fd);
- if (!f.file)
- return error;
- audit_file(f.file);
- diff -aur linux-4.2/include/asm-generic/cputime_jiffies.h linux-4.2.tsarn1/include/asm-generic/cputime_jiffies.h
- --- linux-4.2/include/asm-generic/cputime_jiffies.h 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/include/asm-generic/cputime_jiffies.h 2016-02-08 17:03:57.833204248 +0300
- @@ -73,4 +73,9 @@
- #define cputime64_to_clock_t(__ct) \
- jiffies_64_to_clock_t(cputime64_to_jiffies64(__ct))
- +#define msecs_to_cputime(msec) \
- + (((msec) * HZ) / 1000)
- +#define cputime_to_msecs(jif) \
- + ((jif) * 1000 / HZ)
- +
- #endif
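Review bot: `msecs_to_cputime()` evaluates `(msec) * HZ` in the argument's own type, which overflows `unsigned long` on 32-bit builds for limits above roughly ULONG_MAX/HZ milliseconds, and it truncates instead of rounding up the way the jiffies helpers do. Because this header already equates cputime with jiffies, the existing overflow-safe conversions can be reused: `#define msecs_to_cputime(msec) jiffies_to_cputime(msecs_to_jiffies(msec))` and `#define cputime_to_msecs(ct) jiffies_to_msecs(cputime_to_jiffies(ct))`. Only the jiffies backend gains these macros; if the tree can also select the nanosecond cputime backend, kernel/fork.c will not build there unless that header (not visible in this diff) gets the same definitions.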
- diff -aur linux-4.2/include/asm-generic/resource.h linux-4.2.tsarn1/include/asm-generic/resource.h
- --- linux-4.2/include/asm-generic/resource.h 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/include/asm-generic/resource.h 2016-02-08 16:55:47.787775350 +0300
- @@ -25,6 +25,7 @@
- [RLIMIT_NICE] = { 0, 0 }, \
- [RLIMIT_RTPRIO] = { 0, 0 }, \
- [RLIMIT_RTTIME] = { RLIM_INFINITY, RLIM_INFINITY }, \
- + [RLIMIT_MCPU] = { RLIM_INFINITY, RLIM_INFINITY }, \
- }
- #endif
- diff -aur linux-4.2/include/linux/posix-timers.h linux-4.2.tsarn1/include/linux/posix-timers.h
- --- linux-4.2/include/linux/posix-timers.h 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/include/linux/posix-timers.h 2016-02-08 16:56:19.938151075 +0300
- @@ -137,5 +137,6 @@
- long clock_nanosleep_restart(struct restart_block *restart_block);
- void update_rlimit_cpu(struct task_struct *task, unsigned long rlim_new);
- +void update_rlimit_mcpu(struct task_struct *task, unsigned long rlim_new);
- #endif
- diff -aur linux-4.2/include/linux/sched.h linux-4.2.tsarn1/include/linux/sched.h
- --- linux-4.2/include/linux/sched.h 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/include/linux/sched.h 2016-02-08 16:51:12.667892520 +0300
- @@ -1341,6 +1341,17 @@
- perf_nr_task_contexts,
- };
- +/* sandbox flags */
- +enum {
- + SBOX_NO_SYSCALLS = 1, /* disable most "dangerous" syscalls */
- + SBOX_NO_EXEC = 2, /* disable exec syscall */
- + SBOX_MEMLIMITON = 4, /* enable memory limit check */
- + SBOX_WAS_MEMLIMIT = 8, /* memory limit happened? */
- + SBOX_WAS_SECURITY = 16, /* was security violation? */
- + SBOX_TLON = 32, /* enable kernel time limit check */
- + SBOX_WAS_TL = 64 /* was time limit? */
- +};
- +
- struct task_struct {
- volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */
- void *stack;
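Review bot: This hunk adds only the flag enum, yet kernel/ptrace.c in this diff writes `current->sbox_flags` and every guarded syscall uses `SBOX_IS_RESTRICTED()`/`SBOX_SET_SECURITY_ERR()`; neither the `sbox_flags` member of `struct task_struct` nor those macros appear in the sched.h changes. The `sched.h.rej` listed right after the hunk suggests another hunk of this patch failed to apply, so the tree as diffed probably does not build — apply the rejected hunk by hand and regenerate the diff. As a point of style, express the bit flags as shifts (`SBOX_NO_SYSCALLS = 1 << 0`, …) and put a sentence above the enum saying what "restricted" means, since these constants define the sandbox policy.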
- Only in linux-4.2.tsarn1/include/linux: sched.h.orig
- Only in linux-4.2.tsarn1/include/linux: sched.h.rej
- diff -aur linux-4.2/include/uapi/asm-generic/resource.h linux-4.2.tsarn1/include/uapi/asm-generic/resource.h
- --- linux-4.2/include/uapi/asm-generic/resource.h 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/include/uapi/asm-generic/resource.h 2016-02-08 16:55:14.080714746 +0300
- @@ -45,7 +45,8 @@
- 0-39 for nice level 19 .. -20 */
- #define RLIMIT_RTPRIO 14 /* maximum realtime priority */
- #define RLIMIT_RTTIME 15 /* timeout for RT tasks in us */
- -#define RLIM_NLIMITS 16
- +#define RLIMIT_MCPU 16 /* millisecond cpu limit */
- +#define RLIM_NLIMITS 17
- /*
- * SuS says limits have to be unsigned.
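Review bot: Raising `RLIM_NLIMITS` from 16 to 17 grows every table sized by it; `INIT_RLIMITS` in include/asm-generic/resource.h is updated in this diff, but the `lnames[]` table in fs/proc/base.c behind /proc/<pid>/limits, and any architecture carrying its own `asm/resource.h`, are not visible here and need a matching entry or the new slot is left unnamed. This is a UAPI header, so the number is ABI: expand the comment on the `RLIMIT_MCPU` line to state the unit and what happens when the limit is exceeded, so userspace tools can rely on it.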
- diff -aur linux-4.2/include/uapi/linux/ptrace.h linux-4.2.tsarn1/include/uapi/linux/ptrace.h
- --- linux-4.2/include/uapi/linux/ptrace.h 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/include/uapi/linux/ptrace.h 2016-02-08 16:51:12.681226009 +0300
- @@ -49,6 +49,10 @@
- #define PTRACE_GETREGSET 0x4204
- #define PTRACE_SETREGSET 0x4205
- +#define PTRACE_MEMLIMIT 0x4280
- +#define PTRACE_NO_SYSCALLS 0x4281
- +#define PTRACE_TIMELIMIT 0x4282
- +
- #define PTRACE_SEIZE 0x4206
- #define PTRACE_INTERRUPT 0x4207
- #define PTRACE_LISTEN 0x4208
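Review bot: The three new request numbers are placed in the 0x42xx range that upstream uses for its own ptrace requests (`PTRACE_SEIZE` 0x4206 and neighbours sit right below them), so a future upstream allocation can collide with them; a comment marking them as sandbox-private, e.g. `/* sandbox (tsarn) requests: act on the caller, pid/addr/data ignored */`, records both the provenance and the unusual semantics visible in kernel/ptrace.c.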
- diff -aur linux-4.2/ipc/compat.c linux-4.2.tsarn1/ipc/compat.c
- --- linux-4.2/ipc/compat.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/ipc/compat.c 2016-02-08 16:51:12.681226009 +0300
- @@ -332,6 +332,10 @@
- int version;
- u32 pad;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- version = call >> 16; /* hack for backward compatibility */
- call &= 0xffff;
- diff -aur linux-4.2/ipc/mqueue.c linux-4.2.tsarn1/ipc/mqueue.c
- --- linux-4.2/ipc/mqueue.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/ipc/mqueue.c 2016-02-08 16:51:12.684559382 +0300
- @@ -781,6 +781,11 @@
- struct dentry *root = mnt->mnt_root;
- int ro;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (u_attr && copy_from_user(&attr, u_attr, sizeof(struct mq_attr)))
- return -EFAULT;
- @@ -858,6 +863,11 @@
- struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns;
- struct vfsmount *mnt = ipc_ns->mq_mnt;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- name = getname(u_name);
- if (IS_ERR(name))
- return PTR_ERR(name);
- @@ -971,6 +981,11 @@
- int ret = 0;
- WAKE_Q(wake_q);
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (u_abs_timeout) {
- int res = prepare_timeout(u_abs_timeout, &expires, &ts);
- if (res)
- @@ -1090,6 +1105,11 @@
- struct timespec ts;
- struct posix_msg_tree_node *new_leaf = NULL;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (u_abs_timeout) {
- int res = prepare_timeout(u_abs_timeout, &expires, &ts);
- if (res)
- @@ -1197,6 +1217,11 @@
- struct mqueue_inode_info *info;
- struct sk_buff *nc;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (u_notification) {
- if (copy_from_user(¬ification, u_notification,
- sizeof(struct sigevent)))
- @@ -1328,6 +1353,11 @@
- struct inode *inode;
- struct mqueue_inode_info *info;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (u_mqstat != NULL) {
- if (copy_from_user(&mqstat, u_mqstat, sizeof(struct mq_attr)))
- return -EFAULT;
- Only in linux-4.2.tsarn1/ipc: mqueue.c.orig
- diff -aur linux-4.2/ipc/msg.c linux-4.2.tsarn1/ipc/msg.c
- --- linux-4.2/ipc/msg.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/ipc/msg.c 2016-02-08 16:51:12.684559382 +0300
- @@ -247,6 +247,11 @@
- };
- struct ipc_params msg_params;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- ns = current->nsproxy->ipc_ns;
- msg_params.key = key;
- @@ -524,6 +529,11 @@
- int version;
- struct ipc_namespace *ns;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (msqid < 0 || cmd < 0)
- return -EINVAL;
- @@ -724,6 +734,11 @@
- {
- long mtype;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (get_user(mtype, &msgp->mtype))
- return -EFAULT;
- return do_msgsnd(msqid, mtype, msgp->mtext, msgsz, msgflg);
- @@ -1014,6 +1029,11 @@
- SYSCALL_DEFINE5(msgrcv, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz,
- long, msgtyp, int, msgflg)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return do_msgrcv(msqid, msgp, msgsz, msgtyp, msgflg, do_msg_fill);
- }
- Only in linux-4.2.tsarn1/ipc: msg.c.orig
- diff -aur linux-4.2/ipc/sem.c linux-4.2.tsarn1/ipc/sem.c
- --- linux-4.2/ipc/sem.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/ipc/sem.c 2016-02-08 16:51:12.684559382 +0300
- @@ -589,6 +589,11 @@
- };
- struct ipc_params sem_params;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- ns = current->nsproxy->ipc_ns;
- if (nsems < 0 || nsems > ns->sc_semmsl)
- @@ -1590,6 +1595,11 @@
- struct ipc_namespace *ns;
- void __user *p = (void __user *)arg;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (semid < 0)
- return -EINVAL;
- @@ -1803,6 +1813,11 @@
- struct ipc_namespace *ns;
- struct list_head tasks;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- ns = current->nsproxy->ipc_ns;
- if (nsops < 1 || semid < 0)
- diff -aur linux-4.2/ipc/shm.c linux-4.2.tsarn1/ipc/shm.c
- --- linux-4.2/ipc/shm.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/ipc/shm.c 2016-02-08 16:51:12.684559382 +0300
- @@ -625,6 +625,11 @@
- };
- struct ipc_params shm_params;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- ns = current->nsproxy->ipc_ns;
- shm_params.key = key;
- @@ -953,6 +958,11 @@
- if (cmd < 0 || shmid < 0)
- return -EINVAL;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- version = ipc_parse_version(&cmd);
- ns = current->nsproxy->ipc_ns;
- @@ -1211,6 +1221,11 @@
- unsigned long ret;
- long err;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- err = do_shmat(shmid, shmaddr, shmflg, &ret, SHMLBA);
- if (err)
- return err;
- @@ -1234,6 +1249,11 @@
- struct vm_area_struct *next;
- #endif
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (addr & ~PAGE_MASK)
- return retval;
- Only in linux-4.2.tsarn1/ipc: shm.c.orig
- diff -aur linux-4.2/ipc/syscall.c linux-4.2.tsarn1/ipc/syscall.c
- --- linux-4.2/ipc/syscall.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/ipc/syscall.c 2016-02-08 16:51:12.684559382 +0300
- @@ -18,6 +18,11 @@
- {
- int version, ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- version = call >> 16; /* hack for backward compatibility */
- call &= 0xffff;
- diff -aur linux-4.2/kernel/acct.c linux-4.2.tsarn1/kernel/acct.c
- --- linux-4.2/kernel/acct.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/acct.c 2016-02-08 16:51:12.684559382 +0300
- @@ -271,6 +271,11 @@
- {
- int error = 0;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!capable(CAP_SYS_PACCT))
- return -EPERM;
- diff -aur linux-4.2/kernel/capability.c linux-4.2.tsarn1/kernel/capability.c
- --- linux-4.2/kernel/capability.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/capability.c 2016-02-08 16:51:12.687892754 +0300
- @@ -229,6 +229,11 @@
- int ret;
- pid_t pid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- ret = cap_validate_magic(header, &tocopy);
- if (ret != 0)
- return ret;
- diff -aur linux-4.2/kernel/compat.c linux-4.2.tsarn1/kernel/compat.c
- --- linux-4.2/kernel/compat.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/compat.c 2016-02-08 16:51:12.687892754 +0300
- @@ -112,6 +112,11 @@
- struct timespec new_ts;
- struct timezone new_tz;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (tv) {
- if (compat_get_timeval(&user_tv, tv))
- return -EFAULT;
- @@ -313,6 +318,11 @@
- struct itimerval kit;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- error = do_getitimer(which, &kit);
- if (!error && put_compat_itimerval(it, &kit))
- error = -EFAULT;
- @@ -326,6 +336,11 @@
- struct itimerval kin, kout;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (in) {
- if (get_compat_itimerval(&kin, in))
- return -EFAULT;
- @@ -347,6 +362,11 @@
- COMPAT_SYSCALL_DEFINE1(times, struct compat_tms __user *, tbuf)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (tbuf) {
- struct tms tms;
- struct compat_tms tmp;
- @@ -405,6 +425,10 @@
- old_sigset_t old_set, new_set;
- sigset_t new_blocked;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- old_set = current->blocked.sig[0];
- if (nset) {
- @@ -446,6 +470,11 @@
- {
- struct rlimit r;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!access_ok(VERIFY_READ, rlim, sizeof(*rlim)) ||
- __get_user(r.rlim_cur, &rlim->rlim_cur) ||
- __get_user(r.rlim_max, &rlim->rlim_max))
- @@ -620,6 +649,11 @@
- cpumask_var_t new_mask;
- int retval;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!alloc_cpumask_var(&new_mask, GFP_KERNEL))
- return -ENOMEM;
- @@ -685,6 +719,11 @@
- {
- struct sigevent __user *event = NULL;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (timer_event_spec) {
- struct sigevent kevent;
- @@ -705,6 +744,11 @@
- mm_segment_t oldfs;
- struct itimerspec newts, oldts;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!new)
- return -EINVAL;
- if (get_compat_itimerspec(&newts, new))
- @@ -744,6 +788,11 @@
- mm_segment_t oldfs;
- struct timespec ts;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (compat_get_timespec(&ts, tp))
- return -EFAULT;
- oldfs = get_fs();
- @@ -778,6 +827,11 @@
- mm_segment_t oldfs;
- int err, ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- err = compat_get_timex(&txc, utp);
- if (err)
- return err;
- @@ -1050,6 +1104,11 @@
- struct timespec tv;
- int err;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (get_user(tv.tv_sec, tptr))
- return -EFAULT;
- @@ -1070,6 +1129,11 @@
- struct timex txc;
- int err, ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- err = compat_get_timex(&txc, utp);
- if (err)
- return err;
- diff -aur linux-4.2/kernel/events/core.c linux-4.2.tsarn1/kernel/events/core.c
- --- linux-4.2/kernel/events/core.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/events/core.c 2016-02-08 16:51:12.687892754 +0300
- @@ -7943,6 +7943,11 @@
- int f_flags = O_RDWR;
- int cgroup_fd = -1;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /* for future expandability... */
- if (flags & ~PERF_FLAG_ALL)
- return -EINVAL;
- Only in linux-4.2.tsarn1/kernel/events: core.c.orig
- diff -aur linux-4.2/kernel/exec_domain.c linux-4.2.tsarn1/kernel/exec_domain.c
- --- linux-4.2/kernel/exec_domain.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/exec_domain.c 2016-02-08 16:51:12.691226127 +0300
- @@ -51,6 +51,9 @@
- {
- unsigned int old = current->personality;
- + if (SBOX_IS_RESTRICTED())
- + return old;
- +
- if (personality != 0xffffffff)
- set_personality(personality);
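Review bot: When restricted, `personality()` returns `old`, which is also its normal success value, so the caller sees a successful call even though `set_personality` was skipped; unlike every other guard in this diff it neither returns -EPERM nor calls `SBOX_SET_SECURITY_ERR()`. If the intent is to let the query form through while refusing changes, say so explicitly: `if (SBOX_IS_RESTRICTED() && personality != 0xffffffff) return -EPERM;`, or add a comment stating that the silent no-op is deliberate. The enclosing function's signature is outside the hunk.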
- diff -aur linux-4.2/kernel/exit.c linux-4.2.tsarn1/kernel/exit.c
- --- linux-4.2/kernel/exit.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/exit.c 2016-02-08 16:51:12.691226127 +0300
- @@ -1066,8 +1066,16 @@
- ? getrusage(p, RUSAGE_BOTH, wo->wo_rusage) : 0;
- status = (p->signal->flags & SIGNAL_GROUP_EXIT)
- ? p->signal->group_exit_code : p->exit_code;
- - if (!retval && wo->wo_stat)
- - retval = put_user(status, wo->wo_stat);
- + if (!retval && wo->wo_stat) {
- + int newstatus = status;
- + if (SBOX_IS_MEMLIMIT_ERR(p))
- + newstatus |= 0x10000;
- + if (SBOX_IS_SECURITY_ERR(p))
- + newstatus |= 0x20000;
- + if (SBOX_IS_TL_ERR(p))
- + newstatus |= 0x40000;
- + retval = put_user(newstatus, wo->wo_stat);
- + }
- infop = wo->wo_info;
- if (!retval && infop)
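Review bot: The three-flag fold into the wait status is duplicated verbatim here and in the `@@ -1199` hunk, and only the `wo->wo_stat` path is extended — the `infop` path that starts on the last context line still reports the plain status, so a supervisor using waitid() never sees the sandbox bits. Extract a helper and apply it on both paths; the values 0x10000/0x20000/0x40000 are part of the supervisor-visible contract and belong in a shared header as named constants (they do not appear in the UAPI side of this patch). The enclosing function (wait_task_zombie, judging from the context lines) starts and ends outside the hunk.
```c
/* Fold the sandbox outcome flags of @p into a wait status word. */
static int sbox_wait_status(struct task_struct *p, int status)
{
	if (SBOX_IS_MEMLIMIT_ERR(p))
		status |= 0x10000;
	if (SBOX_IS_SECURITY_ERR(p))
		status |= 0x20000;
	if (SBOX_IS_TL_ERR(p))
		status |= 0x40000;
	return status;
}

/* … unchanged: wait_task_zombie up to the status computation … */
	if (!retval && wo->wo_stat)
		retval = put_user(sbox_wait_status(p, status), wo->wo_stat);
```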
- @@ -1199,8 +1207,16 @@
- retval = wo->wo_rusage
- ? getrusage(p, RUSAGE_BOTH, wo->wo_rusage) : 0;
- - if (!retval && wo->wo_stat)
- - retval = put_user((exit_code << 8) | 0x7f, wo->wo_stat);
- + if (!retval && wo->wo_stat) {
- + int newstatus = (exit_code << 8) | 0x7f;
- + if (SBOX_IS_MEMLIMIT_ERR(p))
- + newstatus |= 0x10000;
- + if (SBOX_IS_SECURITY_ERR(p))
- + newstatus |= 0x20000;
- + if (SBOX_IS_TL_ERR(p))
- + newstatus |= 0x40000;
- + retval = put_user(newstatus, wo->wo_stat);
- + }
- infop = wo->wo_info;
- if (!retval && infop)
- diff -aur linux-4.2/kernel/fork.c linux-4.2.tsarn1/kernel/fork.c
- --- linux-4.2/kernel/fork.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/fork.c 2016-02-08 17:08:07.869336218 +0300
- @@ -1095,6 +1095,7 @@
- static void posix_cpu_timers_init_group(struct signal_struct *sig)
- {
- unsigned long cpu_limit;
- + unsigned long mcpu_limit;
- cpu_limit = READ_ONCE(sig->rlim[RLIMIT_CPU].rlim_cur);
- if (cpu_limit != RLIM_INFINITY) {
- @@ -1102,6 +1103,12 @@
- sig->cputimer.running = 1;
- }
- + mcpu_limit = READ_ONCE(sig->rlim[RLIMIT_MCPU].rlim_cur);
- + if (mcpu_limit != RLIM_INFINITY) {
- + sig->cputime_expires.prof_exp = msecs_to_cputime(mcpu_limit);
- + sig->cputtimer.running = 1;
- + }
- +
- /* The timer lists. */
- INIT_LIST_HEAD(&sig->cpu_timers[0]);
- INIT_LIST_HEAD(&sig->cpu_timers[1]);
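Review bot: `sig->cputtimer.running = 1;` misspells `cputimer` (compare the context line two above it) and will not compile. Beyond that, the new block unconditionally overwrites `sig->cputime_expires.prof_exp`, so when both RLIMIT_CPU and RLIMIT_MCPU are set the millisecond limit wins even when it is the later one; the two should be combined by keeping the earlier expiry (assuming, as the surrounding code suggests, that `prof_exp` and `running` are zero until one of the branches sets them). `msecs_to_cputime(mcpu_limit)` also multiplies an `unsigned long` by HZ, which overflows on 32-bit for large limits; the header defining the macro is the place to fix that.
```c
	mcpu_limit = READ_ONCE(sig->rlim[RLIMIT_MCPU].rlim_cur);
	if (mcpu_limit != RLIM_INFINITY) {
		cputime_t exp = msecs_to_cputime(mcpu_limit);

		/* keep the earlier of the RLIMIT_CPU and RLIMIT_MCPU expiries */
		if (!sig->cputimer.running || exp < sig->cputime_expires.prof_exp)
			sig->cputime_expires.prof_exp = exp;
		sig->cputimer.running = 1;
	}
```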
- @@ -1687,6 +1694,11 @@
- int trace = 0;
- long nr;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /*
- * Determine whether and which event to report to ptracer. When
- * called from kernel_thread or CLONE_UNTRACED is explicitly
- @@ -1940,6 +1952,11 @@
- int do_sysvsem = 0;
- int err;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /*
- * If unsharing a user namespace must also unshare the thread.
- */
- Only in linux-4.2.tsarn1/kernel: fork.c.orig
- diff -aur linux-4.2/kernel/groups.c linux-4.2.tsarn1/kernel/groups.c
- --- linux-4.2/kernel/groups.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/groups.c 2016-02-08 16:51:12.691226127 +0300
- @@ -229,6 +229,11 @@
- struct group_info *group_info;
- int retval;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!may_setgroups())
- return -EPERM;
- if ((unsigned)gidsetsize > NGROUPS_MAX)
- diff -aur linux-4.2/kernel/kcmp.c linux-4.2.tsarn1/kernel/kcmp.c
- --- linux-4.2/kernel/kcmp.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/kcmp.c 2016-02-08 16:51:12.691226127 +0300
- @@ -100,6 +100,11 @@
- struct task_struct *task1, *task2;
- int ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- rcu_read_lock();
- /*
- diff -aur linux-4.2/kernel/kexec.c linux-4.2.tsarn1/kernel/kexec.c
- --- linux-4.2/kernel/kexec.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/kexec.c 2016-02-08 16:51:12.691226127 +0300
- @@ -1253,6 +1253,11 @@
- struct kimage **dest_image, *image;
- int result;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /* We only trust the superuser with rebooting the system. */
- if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
- return -EPERM;
- @@ -1362,6 +1367,11 @@
- struct kexec_segment out, __user *ksegments;
- unsigned long i, result;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /* Don't allow clients that don't understand the native
- * architecture to do anything.
- */
- Only in linux-4.2.tsarn1/kernel: kexec.c.orig
- diff -aur linux-4.2/kernel/module.c linux-4.2.tsarn1/kernel/module.c
- --- linux-4.2/kernel/module.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/module.c 2016-02-08 16:51:12.694559498 +0300
- @@ -954,6 +954,11 @@
- char name[MODULE_NAME_LEN];
- int ret, forced = 0;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!capable(CAP_SYS_MODULE) || modules_disabled)
- return -EPERM;
- @@ -3582,6 +3587,11 @@
- int err;
- struct load_info info = { };
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- err = may_init_module();
- if (err)
- return err;
- @@ -3601,6 +3611,11 @@
- int err;
- struct load_info info = { };
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- err = may_init_module();
- if (err)
- return err;
- Only in linux-4.2.tsarn1/kernel: module.c.orig
- diff -aur linux-4.2/kernel/nsproxy.c linux-4.2.tsarn1/kernel/nsproxy.c
- --- linux-4.2/kernel/nsproxy.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/nsproxy.c 2016-02-08 16:51:12.694559498 +0300
- @@ -226,6 +226,11 @@
- struct ns_common *ns;
- int err;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- file = proc_ns_fget(fd);
- if (IS_ERR(file))
- return PTR_ERR(file);
- diff -aur linux-4.2/kernel/printk/printk.c linux-4.2.tsarn1/kernel/printk/printk.c
- --- linux-4.2/kernel/printk/printk.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/printk/printk.c 2016-02-08 16:51:12.694559498 +0300
- @@ -1418,6 +1418,9 @@
- SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- return do_syslog(type, buf, len, SYSLOG_FROM_READER);
- }
- Only in linux-4.2.tsarn1/kernel/printk: printk.c.orig
- diff -aur linux-4.2/kernel/ptrace.c linux-4.2.tsarn1/kernel/ptrace.c
- --- linux-4.2/kernel/ptrace.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/ptrace.c 2016-02-08 16:51:12.694559498 +0300
- @@ -1035,6 +1035,24 @@
- struct task_struct *child;
- long ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + if (request == PTRACE_MEMLIMIT) {
- + current->sbox_flags |= SBOX_MEMLIMITON;
- + return 0;
- + }
- + if (request == PTRACE_NO_SYSCALLS) {
- + current->sbox_flags |= SBOX_NO_SYSCALLS;
- + return 0;
- + }
- + if (request == PTRACE_TIMELIMIT) {
- + current->sbox_flags |= SBOX_TLON;
- + return 0;
- + }
- +
- if (request == PTRACE_TRACEME) {
- ret = ptrace_traceme();
- if (!ret)
- @@ -1181,6 +1199,24 @@
- struct task_struct *child;
- long ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + if (request == PTRACE_MEMLIMIT) {
- + current->sbox_flags |= SBOX_MEMLIMITON;
- + return 0;
- + }
- + if (request == PTRACE_NO_SYSCALLS) {
- + current->sbox_flags |= SBOX_NO_SYSCALLS;
- + return 0;
- + }
- + if (request == PTRACE_TIMELIMIT) {
- + current->sbox_flags |= SBOX_TLON;
- + return 0;
- + }
- +
- if (request == PTRACE_TRACEME) {
- ret = ptrace_traceme();
- goto out;
- diff -aur linux-4.2/kernel/reboot.c linux-4.2.tsarn1/kernel/reboot.c
- --- linux-4.2/kernel/reboot.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/reboot.c 2016-02-08 16:51:12.694559498 +0300
- @@ -280,10 +280,16 @@
- SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
- void __user *, arg)
- {
- - struct pid_namespace *pid_ns = task_active_pid_ns(current);
- + struct pid_namespace *pid_ns = NULL;
- char buffer[256];
- int ret = 0;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + pid_ns = task_active_pid_ns(current);
- /* We only trust the superuser with rebooting the system. */
- if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT))
- return -EPERM;
- diff -aur linux-4.2/kernel/sched/core.c linux-4.2.tsarn1/kernel/sched/core.c
- --- linux-4.2/kernel/sched/core.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/sched/core.c 2016-02-08 16:51:12.697892871 +0300
- @@ -3403,6 +3403,9 @@
- {
- long nice, retval;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /*
- * Setpriority might change our priority at the same moment.
- * We don't have to worry. Conceptually one call occurs first
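Review bot: This guard returns -EPERM without calling `SBOX_SET_SECURITY_ERR()`, unlike the four other guards added to this same file (sched_setscheduler, sched_setparam, sched_setattr, sched_setaffinity) and most guards elsewhere in the patch. The same omission appears in the syslog, sigaltstack, setrlimit, sysinfo and remap_file_pages hunks and in every hunk of mm/madvise.c, mm/mempolicy.c, mm/migrate.c, mm/mincore.c and mm/mlock.c. If the supervisor uses that marker to tell a security violation from an ordinary EPERM, these paths are invisible to it; either add the call, or record in a comment next to each guard why that path is intentionally not reported, e.g. `/* not a security event: nice(2) is merely unavailable in the sandbox */`. Using the same braced form as the other guards would also make the inconsistency easier to grep for.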
- @@ -4065,6 +4068,11 @@
- SYSCALL_DEFINE3(sched_setscheduler, pid_t, pid, int, policy,
- struct sched_param __user *, param)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /* negative values for policy are not valid */
- if (policy < 0)
- return -EINVAL;
- @@ -4081,6 +4089,11 @@
- */
- SYSCALL_DEFINE2(sched_setparam, pid_t, pid, struct sched_param __user *, param)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return do_sched_setscheduler(pid, SETPARAM_POLICY, param);
- }
- @@ -4097,6 +4110,11 @@
- struct task_struct *p;
- int retval;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!uattr || pid < 0 || flags)
- return -EINVAL;
- @@ -4388,6 +4406,11 @@
- cpumask_var_t new_mask;
- int retval;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!alloc_cpumask_var(&new_mask, GFP_KERNEL))
- return -ENOMEM;
- Only in linux-4.2.tsarn1/kernel/sched: core.c.orig
- diff -aur linux-4.2/kernel/signal.c linux-4.2.tsarn1/kernel/signal.c
- --- linux-4.2/kernel/signal.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/signal.c 2016-02-08 16:51:12.697892871 +0300
- @@ -2587,6 +2587,10 @@
- sigset_t old_set, new_set;
- int error;
- + if (SBOX_IS_RESTRICTED()) {
- + nset = NULL;
- + }
- +
- /* XXX: Don't preclude handling different sized sigset_t's. */
- if (sigsetsize != sizeof(sigset_t))
- return -EINVAL;
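Review bot: Forcing `nset = NULL` turns rt_sigprocmask into a pure query that still returns 0, so a sandboxed program believes it has changed its blocked mask when nothing happened, and `oset` then reports the unchanged mask. If the goal is to stop the task from blocking the SIGXCPU delivered by the RLIMIT_MCPU path, that is worth stating, e.g. `/* restricted tasks may read but never alter their blocked mask */`, and a reader will also want to know why this is a silent no-op rather than -EPERM like the other guards. The same silent downgrade is repeated at the compat hunk below, in sigprocmask (kernel/signal.c @@ -3302) and in ssetmask (@@ -3513), so one shared comment or helper would be preferable to four copies.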
- @@ -2618,6 +2622,10 @@
- #ifdef __BIG_ENDIAN
- sigset_t old_set = current->blocked;
- + if (SBOX_IS_RESTRICTED()) {
- + nset = NULL;
- + }
- +
- /* XXX: Don't preclude handling different sized sigset_t's. */
- if (sigsetsize != sizeof(sigset_t))
- return -EINVAL;
- @@ -2897,6 +2905,14 @@
- {
- struct siginfo info;
- + if (SBOX_IS_RESTRICTED()) {
- + if (!pid) pid = current->pid;
- + if (pid != current->pid) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- + }
- +
- info.si_signo = sig;
- info.si_errno = 0;
- info.si_code = SI_USER;
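Review bot: `current->pid` is the global thread id, while the `pid` coming from userspace is namespace-relative and refers to a thread group, so inside a pid namespace the comparison never matches and any non-leader thread of a sandboxed process is refused `kill()` on its own process. Compare against the caller's namespace-visible tgid instead: `pid_t self = task_tgid_vnr(current);` / `if (!pid) pid = self;` / `if (pid != self) {`. Mapping `pid == 0` (whole process group) onto self is a semantic change that should be noted in a comment. The tgkill and prlimit64 hunks repeat the same `current->pid` comparison.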
- @@ -2965,6 +2981,11 @@
- if (pid <= 0 || tgid <= 0)
- return -EINVAL;
- + if (SBOX_IS_RESTRICTED() && current->pid != tgid) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return do_tkill(tgid, pid, sig);
- }
- @@ -2981,6 +3002,11 @@
- if (pid <= 0)
- return -EINVAL;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return do_tkill(0, pid, sig);
- }
- @@ -3203,6 +3229,10 @@
- }
- SYSCALL_DEFINE2(sigaltstack,const stack_t __user *,uss, stack_t __user *,uoss)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- return do_sigaltstack(uss, uoss, current_user_stack_pointer());
- }
- @@ -3230,6 +3260,10 @@
- int ret;
- mm_segment_t seg;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- if (uss_ptr) {
- compat_stack_t uss32;
- @@ -3302,6 +3336,10 @@
- old_sigset_t old_set, new_set;
- sigset_t new_blocked;
- + if (SBOX_IS_RESTRICTED()) {
- + nset = NULL;
- + }
- +
- old_set = current->blocked.sig[0];
- if (nset) {
- @@ -3513,6 +3551,10 @@
- int old = current->blocked.sig[0];
- sigset_t newset;
- + if (SBOX_IS_RESTRICTED()) {
- + return old;
- + }
- +
- siginitset(&newset, newmask);
- set_current_blocked(&newset);
- Only in linux-4.2.tsarn1/kernel: signal.c.orig
- diff -aur linux-4.2/kernel/sys.c linux-4.2.tsarn1/kernel/sys.c
- --- linux-4.2/kernel/sys.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/sys.c 2016-02-08 17:15:01.794040010 +0300
- @@ -181,6 +181,11 @@
- struct pid *pgrp;
- kuid_t uid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (which > PRIO_USER || which < PRIO_PROCESS)
- goto out;
- @@ -334,6 +339,11 @@
- int retval;
- kgid_t krgid, kegid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- krgid = make_kgid(ns, rgid);
- kegid = make_kgid(ns, egid);
- @@ -391,6 +401,11 @@
- int retval;
- kgid_t kgid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- kgid = make_kgid(ns, gid);
- if (!gid_valid(kgid))
- return -EINVAL;
- @@ -467,6 +482,11 @@
- int retval;
- kuid_t kruid, keuid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- kruid = make_kuid(ns, ruid);
- keuid = make_kuid(ns, euid);
- @@ -538,6 +558,11 @@
- int retval;
- kuid_t kuid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- kuid = make_kuid(ns, uid);
- if (!uid_valid(kuid))
- return -EINVAL;
- @@ -585,6 +610,11 @@
- int retval;
- kuid_t kruid, keuid, ksuid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- kruid = make_kuid(ns, ruid);
- keuid = make_kuid(ns, euid);
- ksuid = make_kuid(ns, suid);
- @@ -672,6 +702,11 @@
- int retval;
- kgid_t krgid, kegid, ksgid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- krgid = make_kgid(ns, rgid);
- kegid = make_kgid(ns, egid);
- ksgid = make_kgid(ns, sgid);
- @@ -750,6 +785,11 @@
- uid_t old_fsuid;
- kuid_t kuid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- old = current_cred();
- old_fsuid = from_kuid_munged(old->user_ns, old->fsuid);
- @@ -789,6 +829,11 @@
- gid_t old_fsgid;
- kgid_t kgid;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- old = current_cred();
- old_fsgid = from_kgid_munged(old->user_ns, old->fsgid);
- @@ -923,6 +968,11 @@
- struct pid *pgrp;
- int err;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!pid)
- pid = task_pid_vnr(group_leader);
- if (!pgid)
- @@ -1070,6 +1120,11 @@
- pid_t session = pid_vnr(sid);
- int err = -EPERM;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- write_lock_irq(&tasklist_lock);
- /* Fail if I am already a session leader */
- if (group_leader->signal->leader)
- @@ -1217,6 +1272,11 @@
- int errno;
- char tmp[__NEW_UTS_LEN];
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
- return -EPERM;
- @@ -1268,6 +1328,11 @@
- int errno;
- char tmp[__NEW_UTS_LEN];
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
- return -EPERM;
- if (len < 0 || len > __NEW_UTS_LEN)
- @@ -1400,6 +1465,15 @@
- */
- new_rlim->rlim_cur = 1;
- }
- + if (resource == RLIMIT_MCPU && new_rlim->rlim_cur == 0) {
- + /*
- + * The caller is asking for an immediate RLIMIT_MCPU
- + * expiry. But we use the zero value to mean "it was
- + * never set". So let's cheat and make it one second
- + * instead
- + */
- + new_rlim->rlim_cur = 1;
- + }
- }
- if (!retval) {
- if (old_rlim)
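Review bot: The copied comment says the zero value is replaced by "one second", but every other use of RLIMIT_MCPU in this patch converts it with `msecs_to_cputime()` (kernel/time/posix-cpu-timers.c), so the unit here is presumably one millisecond and the comment should say so. The RLIMIT_CPU block this mirrors is followed upstream by a call to `update_rlimit_cpu()`; the patch adds an `update_rlimit_mcpu()` but no call to it is visible in this diff, so unless that call sits outside the shown hunks a newly set RLIMIT_MCPU will not arm the CPU timer until something else re-arms it. The enclosing do_prlimit() continues outside the hunk.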
- @@ -1454,6 +1528,15 @@
- struct task_struct *tsk;
- int ret;
- + if (SBOX_IS_RESTRICTED()) {
- + if (!pid) pid = current->pid;
- + if (pid != current->pid) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- + new_rlim = NULL;
- + }
- +
- if (new_rlim) {
- if (copy_from_user(&new64, new_rlim, sizeof(new64)))
- return -EFAULT;
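Review bot: Clearing `new_rlim` silently discards the requested limit and the call still returns 0 with the old values, so a sandboxed program that calls prlimit64 to raise a limit is told it succeeded; the setrlimit hunk immediately below returns -EPERM for the same operation, so the two entry points disagree. Prefer the explicit failure, `if (new_rlim) { SBOX_SET_SECURITY_ERR(); return -EPERM; }`, or document why reads are allowed and writes are dropped. As in the kill hunk, `current->pid` is a global thread id; the namespace-visible comparison is `task_tgid_vnr(current)`.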
- @@ -1491,6 +1574,10 @@
- {
- struct rlimit new_rlim;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
- return -EFAULT;
- return do_prlimit(current, resource, &new_rlim, NULL);
- @@ -1645,6 +1732,10 @@
- SYSCALL_DEFINE1(umask, int, mask)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + return current->fs->umask;
- + }
- +
- mask = xchg(¤t->fs->umask, mask & S_IRWXUGO);
- return mask;
- }
- @@ -2080,6 +2171,11 @@
- unsigned char comm[sizeof(me->comm)];
- long error;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- error = security_task_prctl(option, arg2, arg3, arg4, arg5);
- if (error != -ENOSYS)
- return error;
- @@ -2357,6 +2453,10 @@
- {
- struct sysinfo val;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- do_sysinfo(&val);
- if (copy_to_user(info, &val, sizeof(struct sysinfo)))
- @@ -2387,6 +2487,10 @@
- {
- struct sysinfo s;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- do_sysinfo(&s);
- /* Check to see if any memory value is too large for 32-bit and scale
- Only in linux-4.2.tsarn1/kernel: sys.c.orig
- diff -aur linux-4.2/kernel/sysctl_binary.c linux-4.2.tsarn1/kernel/sysctl_binary.c
- --- linux-4.2/kernel/sysctl_binary.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/sysctl_binary.c 2016-02-08 16:51:12.697892871 +0300
- @@ -1423,6 +1423,11 @@
- size_t oldlen = 0;
- ssize_t result;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (copy_from_user(&tmp, args, sizeof(tmp)))
- return -EFAULT;
- @@ -1466,6 +1471,11 @@
- size_t oldlen = 0;
- ssize_t result;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (copy_from_user(&tmp, args, sizeof(tmp)))
- return -EFAULT;
- diff -aur linux-4.2/kernel/time/posix-cpu-timers.c linux-4.2.tsarn1/kernel/time/posix-cpu-timers.c
- --- linux-4.2/kernel/time/posix-cpu-timers.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/time/posix-cpu-timers.c 2016-02-08 17:11:36.575033253 +0300
- @@ -28,6 +28,16 @@
- spin_unlock_irq(&task->sighand->siglock);
- }
- +void update_rlimit_mcpu(struct task_struct *task, unsigned long rlim_new)
- +{
- + cputime_t cputime = msecs_to_cputime(rlim_new);
- +
- + spin_lock_irq(&task->sighand->siglock);
- + set_process_cpu_timer(task, CPUCLOCK_PROF, &cputime, NULL);
- + spin_unlock_irq(&task->sighand->siglock);
- +}
- +
- +
- static int check_clock(const clockid_t which_clock)
- {
- int error = 0;
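Review bot: `update_rlimit_mcpu()` is non-static with no prototype in this hunk, and its `rlim_new` is interpreted in milliseconds (`msecs_to_cputime`) whereas the upstream `update_rlimit_cpu()` it mirrors takes seconds; the unit should be in a comment on the function, `/* rlim_new is in milliseconds, unlike update_rlimit_cpu() */`, and the declaration belongs wherever update_rlimit_cpu is declared. Like its model it dereferences `task->sighand` without a check, so callers must hold a task reference and run while sighand is valid; the only caller visible in this diff is none, see the setrlimit note. The double blank line after the closing brace is a minor style nit.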
- @@ -887,6 +897,8 @@
- * At the hard limit, we just die.
- * No need to calculate anything else now.
- */
- + if ((tsk->sbox_flags & SBOX_TLON))
- + tsk->sbox_flags |= SBOX_WAS_TL;
- __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
- return;
- }
- @@ -980,6 +992,39 @@
- SIGPROF);
- check_cpu_itimer(tsk, &sig->it[CPUCLOCK_VIRT], &virt_expires, utime,
- SIGVTALRM);
- +
- + soft = READ_ONCE(sig->rlim[RLIMIT_MCPU].rlim_cur);
- + if (soft != RLIM_INFINITY) {
- + unsigned long psecs = cputime_to_secs(ptime);
- + unsigned long hard =
- + READ_ONCE(sig->rlim[RLIMIT_MCPU].rlim_max);
- + cputime_t x;
- + if (psecs >= hard) {
- + /*
- + * At the hard limit, we just die.
- + * No need to calculate anything else now.
- + */
- + if ((tsk->sbox_flags & SBOX_TLON))
- + tsk->sbox_flags |= SBOX_WAS_TL;
- + __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
- + return;
- + }
- + if (psecs >= soft) {
- + /*
- + * At the soft limit, send a SIGXCPU every second.
- + */
- + __group_send_sig_info(SIGXCPU, SEND_SIG_PRIV, tsk);
- + if (soft < hard) {
- + soft++;
- + sig->rlim[RLIMIT_MCPU].rlim_cur = soft;
- + }
- + }
- + x = msecs_to_cputime(soft);
- + if (!prof_expires || x < prof_expires) {
- + prof_expires = x;
- + }
- + }
- +
- soft = READ_ONCE(sig->rlim[RLIMIT_CPU].rlim_cur);
- if (soft != RLIM_INFINITY) {
- unsigned long psecs = cputime_to_secs(ptime);
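Review bot: The new block compares `psecs`, which is CPU time in seconds, against `soft` and `hard`, which the rest of the patch treats as milliseconds (`msecs_to_cputime(soft)` two lines later, and `msecs_to_cputime(rlim_new)` in update_rlimit_mcpu), so the limit trips roughly a thousand times later than configured and the re-armed expiry `x` is then computed in the other unit. Convert the consumed time to milliseconds before comparing, e.g. `unsigned long pmsecs = cputime_to_usecs(ptime) / 1000;`, and use it in both comparisons. Once the units agree, `soft++` advances the soft limit by one millisecond, not the "every second" the copied comment promises; either step by 1000 or fix the comment. Writing `rlim_cur` back without the signal lock mirrors the RLIMIT_CPU code above it, so it is not a new concern.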
- @@ -991,6 +1036,8 @@
- * At the hard limit, we just die.
- * No need to calculate anything else now.
- */
- + if ((tsk->sbox_flags & SBOX_TLON))
- + tsk->sbox_flags |= SBOX_WAS_TL;
- __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
- return;
- }
- Only in linux-4.2.tsarn1/kernel/time: posix-cpu-timers.c.orig
- diff -aur linux-4.2/kernel/time/time.c linux-4.2.tsarn1/kernel/time/time.c
- --- linux-4.2/kernel/time/time.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/time/time.c 2016-02-08 16:51:12.701226243 +0300
- @@ -84,6 +84,11 @@
- struct timespec tv;
- int err;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (get_user(tv.tv_sec, tptr))
- return -EFAULT;
- @@ -197,6 +202,11 @@
- struct timespec new_ts;
- struct timezone new_tz;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (tv) {
- if (copy_from_user(&user_tv, tv, sizeof(*tv)))
- return -EFAULT;
- @@ -220,6 +230,11 @@
- struct timex txc; /* Local copy of parameter */
- int ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /* Copy the user data space into the kernel copy
- * structure. But bear in mind that the structures
- * may change
- Only in linux-4.2.tsarn1/kernel/time: time.c.orig
- diff -aur linux-4.2/kernel/uid16.c linux-4.2.tsarn1/kernel/uid16.c
- --- linux-4.2/kernel/uid16.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/kernel/uid16.c 2016-02-08 16:51:12.701226243 +0300
- @@ -176,6 +176,11 @@
- struct group_info *group_info;
- int retval;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!may_setgroups())
- return -EPERM;
- if ((unsigned)gidsetsize > NGROUPS_MAX)
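Review bot: The guard itself follows the pattern used for the other credential syscalls, but the `Only in linux-4.2.tsarn1: Makefile.rej` line that follows this section indicates a Makefile hunk failed to apply in the tree this diff was generated from, so whatever that hunk changed is absent from the patch as posted. The scattered `*.orig` entries likewise show the diff was taken from a tree with patch leftovers; regenerating it from a clean tree would remove the noise and reveal the missing Makefile change.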
- Only in linux-4.2.tsarn1: Makefile.orig
- Only in linux-4.2.tsarn1: Makefile.rej
- diff -aur linux-4.2/mm/madvise.c linux-4.2.tsarn1/mm/madvise.c
- --- linux-4.2/mm/madvise.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/madvise.c 2016-02-08 16:51:12.707892988 +0300
- @@ -466,6 +466,9 @@
- size_t len;
- struct blk_plug plug;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- #ifdef CONFIG_MEMORY_FAILURE
- if (behavior == MADV_HWPOISON || behavior == MADV_SOFT_OFFLINE)
- return madvise_hwpoison(behavior, start, start+len_in);
- Only in linux-4.2.tsarn1/mm: madvise.c.orig
- diff -aur linux-4.2/mm/mempolicy.c linux-4.2.tsarn1/mm/mempolicy.c
- --- linux-4.2/mm/mempolicy.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/mempolicy.c 2016-02-08 16:51:12.707892988 +0300
- @@ -1306,6 +1306,9 @@
- int err;
- unsigned short mode_flags;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- mode_flags = mode & MPOL_MODE_FLAGS;
- mode &= ~MPOL_MODE_FLAGS;
- if (mode >= MPOL_MAX)
- @@ -1327,6 +1330,9 @@
- nodemask_t nodes;
- unsigned short flags;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- flags = mode & MPOL_MODE_FLAGS;
- mode &= ~MPOL_MODE_FLAGS;
- if ((unsigned int)mode >= MPOL_MAX)
- @@ -1352,6 +1358,9 @@
- nodemask_t *new;
- NODEMASK_SCRATCH(scratch);
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (!scratch)
- return -ENOMEM;
- @@ -1443,6 +1452,9 @@
- int uninitialized_var(pval);
- nodemask_t nodes;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (nmask != NULL && maxnode < MAX_NUMNODES)
- return -EINVAL;
- @@ -1472,6 +1484,9 @@
- unsigned long nr_bits, alloc_size;
- DECLARE_BITMAP(bm, MAX_NUMNODES);
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES);
- alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
- @@ -1500,6 +1515,9 @@
- unsigned long nr_bits, alloc_size;
- DECLARE_BITMAP(bm, MAX_NUMNODES);
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES);
- alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
- @@ -1524,6 +1542,9 @@
- unsigned long nr_bits, alloc_size;
- nodemask_t bm;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES);
- alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
- diff -aur linux-4.2/mm/migrate.c linux-4.2.tsarn1/mm/migrate.c
- --- linux-4.2/mm/migrate.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/migrate.c 2016-02-08 16:51:12.707892988 +0300
- @@ -1467,6 +1467,9 @@
- int err;
- nodemask_t task_nodes;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /* Check flags */
- if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL))
- return -EINVAL;
- Only in linux-4.2.tsarn1/mm: migrate.c.orig
- diff -aur linux-4.2/mm/mincore.c linux-4.2.tsarn1/mm/mincore.c
- --- linux-4.2/mm/mincore.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/mincore.c 2016-02-08 16:51:12.707892988 +0300
- @@ -224,6 +224,9 @@
- unsigned long pages;
- unsigned char *tmp;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- /* Check the start address: needs to be page-aligned.. */
- if (start & ~PAGE_CACHE_MASK)
- return -EINVAL;
- diff -aur linux-4.2/mm/mlock.c linux-4.2.tsarn1/mm/mlock.c
- --- linux-4.2/mm/mlock.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/mlock.c 2016-02-08 16:51:12.707892988 +0300
- @@ -610,6 +610,9 @@
- unsigned long lock_limit;
- int error = -ENOMEM;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (!can_do_mlock())
- return -EPERM;
- @@ -644,6 +647,9 @@
- {
- int ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- len = PAGE_ALIGN(len + (start & ~PAGE_MASK));
- start &= PAGE_MASK;
- @@ -685,6 +691,9 @@
- unsigned long lock_limit;
- int ret = -EINVAL;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (!flags || (flags & ~(MCL_CURRENT | MCL_FUTURE)))
- goto out;
- @@ -715,6 +724,9 @@
- {
- int ret;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- down_write(¤t->mm->mmap_sem);
- ret = do_mlockall(0);
- up_write(¤t->mm->mmap_sem);
- diff -aur linux-4.2/mm/mmap.c linux-4.2.tsarn1/mm/mmap.c
- --- linux-4.2/mm/mmap.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/mmap.c 2016-02-08 16:51:12.711226361 +0300
- @@ -228,6 +228,9 @@
- error:
- vm_unacct_memory(pages);
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- }
- @@ -563,8 +566,9 @@
- if (vma_tmp->vm_end > addr) {
- /* Fail if an existing vma overlaps the area */
- - if (vma_tmp->vm_start < end)
- + if (vma_tmp->vm_start < end) {
- return -ENOMEM;
- + }
- __rb_link = &__rb_parent->rb_left;
- } else {
- rb_prev = __rb_parent;
- @@ -774,8 +778,12 @@
- importer->anon_vma = exporter->anon_vma;
- error = anon_vma_clone(importer, exporter);
- - if (error)
- + if (error) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return error;
- + }
- }
- }
- @@ -1281,11 +1289,15 @@
- /* offset overflow? */
- if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
- - return -EOVERFLOW;
- + return -EOVERFLOW;
- /* Too many mappings? */
- - if (mm->map_count > sysctl_max_map_count)
- + if (mm->map_count > sysctl_max_map_count) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- /* Obtain the address to map to. we verify (or select) it and ensure
- * that it represents a valid section of the address space.
- @@ -1540,21 +1552,33 @@
- * MAP_FIXED may remove pages of mappings that intersects with
- * requested mapping. Account for the pages it would unmap.
- */
- - if (!(vm_flags & MAP_FIXED))
- + if (!(vm_flags & MAP_FIXED)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- nr_pages = count_vma_pages_range(mm, addr, addr + len);
- - if (!may_expand_vm(mm, (len >> PAGE_SHIFT) - nr_pages))
- + if (!may_expand_vm(mm, (len >> PAGE_SHIFT) - nr_pages)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- }
- /* Clear old maps */
- error = -ENOMEM;
- while (find_vma_links(mm, addr, addr + len, &prev, &rb_link,
- &rb_parent)) {
- - if (do_munmap(mm, addr, len))
- + if (do_munmap(mm, addr, len)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- }
- /*
- @@ -1562,8 +1586,12 @@
- */
- if (accountable_mapping(file, vm_flags)) {
- charged = len >> PAGE_SHIFT;
- - if (security_vm_enough_memory_mm(mm, charged))
- + if (security_vm_enough_memory_mm(mm, charged)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- vm_flags |= VM_ACCOUNT;
- }
- @@ -1582,6 +1610,10 @@
- */
- vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
- if (!vma) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- +
- error = -ENOMEM;
- goto unacct_error;
- }
- @@ -1706,16 +1738,28 @@
- /* Adjust search length to account for worst case alignment overhead */
- length = info->length + info->align_mask;
- - if (length < info->length)
- + if (length < info->length) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- /* Adjust search limits by the desired length */
- - if (info->high_limit < length)
- + if (info->high_limit < length) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- high_limit = info->high_limit - length;
- - if (info->low_limit > high_limit)
- + if (info->low_limit > high_limit) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- low_limit = info->low_limit + length;
- /* Check if rbtree root looks promising */
- @@ -1741,8 +1785,12 @@
- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0;
- check_current:
- /* Check if current node has a suitable gap */
- - if (gap_start > high_limit)
- + if (gap_start > high_limit) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- if (gap_end >= low_limit && gap_end - gap_start >= length)
- goto found;
- @@ -1776,8 +1824,12 @@
- /* Check highest gap, which does not precede any rbtree node */
- gap_start = mm->highest_vm_end;
- gap_end = ULONG_MAX; /* Only for VM_BUG_ON below */
- - if (gap_start > high_limit)
- + if (gap_start > high_limit) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- found:
- /* We found a suitable gap. Clip it with the original low_limit. */
- @@ -1800,20 +1852,32 @@
- /* Adjust search length to account for worst case alignment overhead */
- length = info->length + info->align_mask;
- - if (length < info->length)
- + if (length < info->length) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- /*
- * Adjust search limits by the desired length.
- * See implementation comment at top of unmapped_area().
- */
- gap_end = info->high_limit;
- - if (gap_end < length)
- + if (gap_end < length) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- high_limit = gap_end - length;
- - if (info->low_limit > high_limit)
- + if (info->low_limit > high_limit) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- low_limit = info->low_limit + length;
- /* Check highest gap, which does not precede any rbtree node */
- @@ -1822,11 +1886,19 @@
- goto found_highest;
- /* Check if rbtree root looks promising */
- - if (RB_EMPTY_ROOT(&mm->mm_rb))
- + if (RB_EMPTY_ROOT(&mm->mm_rb)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- vma = rb_entry(mm->mm_rb.rb_node, struct vm_area_struct, vm_rb);
- - if (vma->rb_subtree_gap < length)
- + if (vma->rb_subtree_gap < length) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- while (true) {
- /* Visit right subtree if it looks promising */
- @@ -1844,8 +1916,12 @@
- check_current:
- /* Check if current node has a suitable gap */
- gap_end = vma->vm_start;
- - if (gap_end < low_limit)
- + if (gap_end < low_limit) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- if (gap_start <= high_limit && gap_end - gap_start >= length)
- goto found;
- @@ -1863,8 +1939,12 @@
- /* Go back up the rbtree to find next candidate node */
- while (true) {
- struct rb_node *prev = &vma->vm_rb;
- - if (!rb_parent(prev))
- + if (!rb_parent(prev)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- vma = rb_entry(rb_parent(prev),
- struct vm_area_struct, vm_rb);
- if (prev == vma->vm_rb.rb_right) {
- @@ -1910,8 +1990,12 @@
- struct vm_area_struct *vma;
- struct vm_unmapped_area_info info;
- - if (len > TASK_SIZE - mmap_min_addr)
- + if (len > TASK_SIZE - mmap_min_addr) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- if (flags & MAP_FIXED)
- return addr;
- @@ -1949,8 +2033,12 @@
- struct vm_unmapped_area_info info;
- /* requested length too big for entire address space */
- - if (len > TASK_SIZE - mmap_min_addr)
- + if (len > TASK_SIZE - mmap_min_addr) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- if (flags & MAP_FIXED)
- return addr;
- @@ -2001,8 +2089,12 @@
- return error;
- /* Careful about overflows.. */
- - if (len > TASK_SIZE)
- + if (len > TASK_SIZE) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- get_area = current->mm->get_unmapped_area;
- if (file && file->f_op->get_unmapped_area)
- @@ -2011,10 +2103,18 @@
- if (IS_ERR_VALUE(addr))
- return addr;
- - if (addr > TASK_SIZE - len)
- + if (addr > TASK_SIZE - len) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- - if (addr & ~PAGE_MASK)
- + }
- + if (addr & ~PAGE_MASK) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -EINVAL;
- + }
- addr = arch_rebalance_pgtables(addr, len);
- error = security_mmap_addr(addr);
- @@ -2093,15 +2193,23 @@
- unsigned long new_start, actual_size;
- /* address space limit tests */
- - if (!may_expand_vm(mm, grow))
- + if (!may_expand_vm(mm, grow)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- /* Stack limit test */
- actual_size = size;
- if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN)))
- actual_size -= PAGE_SIZE;
- - if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur))
- + if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- /* mlock limit tests */
- if (vma->vm_flags & VM_LOCKED) {
- @@ -2110,8 +2218,12 @@
- locked = mm->locked_vm + grow;
- limit = READ_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
- limit >>= PAGE_SHIFT;
- - if (locked > limit && !capable(CAP_IPC_LOCK))
- + if (locked > limit && !capable(CAP_IPC_LOCK)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- }
- /* Check to ensure the stack will not grow into a hugetlb-only region */
- @@ -2124,8 +2236,12 @@
- * Overcommit.. This must be the final test, as it will
- * update security statistics.
- */
- - if (security_vm_enough_memory_mm(mm, grow))
- + if (security_vm_enough_memory_mm(mm, grow)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- /* Ok, everything looks good - let it rip */
- if (vma->vm_flags & VM_LOCKED)
- @@ -2150,8 +2266,12 @@
- * We must make sure the anon_vma is allocated
- * so that the anon_vma locking is not a noop.
- */
- - if (unlikely(anon_vma_prepare(vma)))
- + if (unlikely(anon_vma_prepare(vma))) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- vma_lock_anon_vma(vma);
- /*
- @@ -2164,6 +2284,9 @@
- address = PAGE_ALIGN(address+4);
- else {
- vma_unlock_anon_vma(vma);
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- }
- error = 0;
- @@ -2223,8 +2346,12 @@
- * We must make sure the anon_vma is allocated
- * so that the anon_vma locking is not a noop.
- */
- - if (unlikely(anon_vma_prepare(vma)))
- + if (unlikely(anon_vma_prepare(vma))) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- address &= PAGE_MASK;
- error = security_mmap_addr(address);
- @@ -2298,8 +2425,12 @@
- address &= PAGE_MASK;
- next = vma->vm_next;
- if (next && next->vm_start == address + PAGE_SIZE) {
- - if (!(next->vm_flags & VM_GROWSUP))
- + if (!(next->vm_flags & VM_GROWSUP)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- }
- return expand_upwards(vma, address);
- }
- @@ -2327,8 +2458,12 @@
- address &= PAGE_MASK;
- prev = vma->vm_prev;
- if (prev && prev->vm_end == address) {
- - if (!(prev->vm_flags & VM_GROWSDOWN))
- + if (!(prev->vm_flags & VM_GROWSDOWN)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- }
- return expand_downwards(vma, address);
- }
- @@ -2637,6 +2772,10 @@
- unsigned long ret = -EINVAL;
- struct file *file;
- + if (SBOX_IS_RESTRICTED()) {
- + return -EPERM;
- + }
- +
- pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
- "See Documentation/vm/remap_file_pages.txt.\n",
- current->comm, current->pid);
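Review bot: The `SBOX_IS_RESTRICTED()` denial added at the top of `remap_file_pages()` does not call `SBOX_SET_SECURITY_ERR()`, unlike the otherwise identical denials this patch adds in net/socket.c, net/compat.c, mm/swapfile.c and security/keys/keyctl.c; either this syscall is deliberately treated as benign, in which case a one-line comment saying so would help, or the call is missing. It is also worth noting that on this kernel `remap_file_pages()` is an emulation layered on ordinary mmap (hence the `pr_warn_once` about deprecation, which the early return now also suppresses), so denying it adds little isolation unless file mmap is restricted as well — confirm against the sandbox's mmap policy. The function continues past the hunk.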
- @@ -2746,8 +2885,12 @@
- }
- /* Check against address space limits *after* clearing old maps... */
- - if (!may_expand_vm(mm, len >> PAGE_SHIFT))
- + if (!may_expand_vm(mm, len >> PAGE_SHIFT)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return -ENOMEM;
- + }
- if (mm->map_count > sysctl_max_map_count)
- return -ENOMEM;
- diff -aur linux-4.2/mm/mremap.c linux-4.2.tsarn1/mm/mremap.c
- --- linux-4.2/mm/mremap.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/mremap.c 2016-02-08 16:51:12.711226361 +0300
- @@ -380,8 +380,12 @@
- return ERR_PTR(-EAGAIN);
- }
- - if (!may_expand_vm(mm, (new_len - old_len) >> PAGE_SHIFT))
- + if (!may_expand_vm(mm, (new_len - old_len) >> PAGE_SHIFT)) {
- + if ((current->sbox_flags & SBOX_MEMLIMITON)) {
- + current->sbox_flags |= SBOX_WAS_MEMLIMIT;
- + }
- return ERR_PTR(-ENOMEM);
- + }
- if (vma->vm_flags & VM_ACCOUNT) {
- unsigned long charged = (new_len - old_len) >> PAGE_SHIFT;
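Review bot: The `Only in linux-4.2.tsarn1/mm: mremap.c.orig` line that follows this hunk shows a leftover `.orig` backup from an earlier `patch` run in the patched tree; the diff should be regenerated with such files removed (or with `-x '*.orig'`) so they are not shipped or mistaken for part of the change. Within the hunk, a `may_expand_vm()` failure is a genuine address-space-limit case, so setting `SBOX_WAS_MEMLIMIT` there is appropriate, though the repeated three-line test-and-set would read better as a single helper call shared with mm/mmap.c. The enclosing vma_to_resize() begins and ends outside the hunk.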
- Only in linux-4.2.tsarn1/mm: mremap.c.orig
- diff -aur linux-4.2/mm/msync.c linux-4.2.tsarn1/mm/msync.c
- --- linux-4.2/mm/msync.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/msync.c 2016-02-08 16:51:12.711226361 +0300
- @@ -36,6 +36,9 @@
- int unmapped_error = 0;
- int error = -EINVAL;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- if (flags & ~(MS_ASYNC | MS_INVALIDATE | MS_SYNC))
- goto out;
- if (start & ~PAGE_MASK)
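Review bot: Denying `msync()` outright with `-EPERM` leaves a restricted task no way to flush dirty pages of a `MAP_SHARED` file mapping, which turns a program's `MS_SYNC` durability guarantee into silent data loss if the sandbox still permits such mappings; confirm that this is intended rather than a blanket block, and document it. The denial also omits `SBOX_SET_SECURITY_ERR()` while most other `SBOX_IS_RESTRICTED()` denials in this patch set it, so the rule for what counts as a security violation should be stated once rather than implied per site. The enclosing SyS_msync() continues after the hunk.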
- diff -aur linux-4.2/mm/process_vm_access.c linux-4.2.tsarn1/mm/process_vm_access.c
- --- linux-4.2/mm/process_vm_access.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/process_vm_access.c 2016-02-08 16:51:12.711226361 +0300
- @@ -288,6 +288,8 @@
- unsigned long, liovcnt, const struct iovec __user *, rvec,
- unsigned long, riovcnt, unsigned long, flags)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- return process_vm_rw(pid, lvec, liovcnt, rvec, riovcnt, flags, 0);
- }
- @@ -296,6 +298,8 @@
- unsigned long, liovcnt, const struct iovec __user *, rvec,
- unsigned long, riovcnt, unsigned long, flags)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- return process_vm_rw(pid, lvec, liovcnt, rvec, riovcnt, flags, 1);
- }
- @@ -347,6 +351,9 @@
- compat_ulong_t, riovcnt,
- compat_ulong_t, flags)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return compat_process_vm_rw(pid, lvec, liovcnt, rvec,
- riovcnt, flags, 0);
- }
- @@ -358,6 +365,9 @@
- compat_ulong_t, riovcnt,
- compat_ulong_t, flags)
- {
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- return compat_process_vm_rw(pid, lvec, liovcnt, rvec,
- riovcnt, flags, 1);
- }
- diff -aur linux-4.2/mm/readahead.c linux-4.2.tsarn1/mm/readahead.c
- --- linux-4.2/mm/readahead.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/readahead.c 2016-02-08 16:51:12.711226361 +0300
- @@ -564,6 +564,9 @@
- ssize_t ret;
- struct fd f;
- + if (SBOX_IS_RESTRICTED())
- + return -EPERM;
- +
- ret = -EBADF;
- f = fdget(fd);
- if (f.file) {
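Review bot: `readahead()` is a page-cache hint on a descriptor the task already holds, so the `-EPERM` added here denies nothing the task could not obtain with plain `read()`, while it introduces an error value the readahead(2) contract does not list (only `EBADF` and `EINVAL`), which some callers will not expect. If the intent is merely to keep a restricted task from pre-populating the page cache, treating the call as a no-op (`return 0;`) would be less disruptive; if the hard failure is deliberate, a comment should say why. This denial also lacks the `SBOX_SET_SECURITY_ERR()` that other denials in this patch set. The enclosing function continues after the hunk.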
- diff -aur linux-4.2/mm/swapfile.c linux-4.2.tsarn1/mm/swapfile.c
- --- linux-4.2/mm/swapfile.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/mm/swapfile.c 2016-02-08 16:51:12.711226361 +0300
- @@ -1812,6 +1812,11 @@
- int err, found = 0;
- unsigned int old_block_size;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
- @@ -2361,6 +2366,11 @@
- struct page *page = NULL;
- struct inode *inode = NULL;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (swap_flags & ~SWAP_FLAGS_VALID)
- return -EINVAL;
- diff -aur linux-4.2/net/compat.c linux-4.2.tsarn1/net/compat.c
- --- linux-4.2/net/compat.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/net/compat.c 2016-02-08 16:51:12.711226361 +0300
- @@ -367,8 +367,14 @@
- char __user *, optval, unsigned int, optlen)
- {
- int err;
- - struct socket *sock = sockfd_lookup(fd, &err);
- + struct socket *sock;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- + sock = sockfd_lookup(fd, &err);
- if (sock) {
- err = security_socket_setsockopt(sock, level, optname);
- if (err) {
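Review bot: Style: the `if (SBOX_IS_RESTRICTED())` block sits directly after the `struct socket *sock;` declaration with no blank line in between, which checkpatch reports as "Missing a blank line after declarations"; the getsockopt hunk below in this file does have the blank line, so the two should match. Splitting `sockfd_lookup()` out of the initializer is the right call, since the lookup (and its reference) must not happen before the denial. The function body continues past the hunk.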
- @@ -487,8 +493,14 @@
- char __user *, optval, int __user *, optlen)
- {
- int err;
- - struct socket *sock = sockfd_lookup(fd, &err);
- + struct socket *sock;
- +
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- + sock = sockfd_lookup(fd, &err);
- if (sock) {
- err = security_socket_getsockopt(sock, level, optname);
- if (err) {
- @@ -716,23 +728,43 @@
- COMPAT_SYSCALL_DEFINE3(sendmsg, int, fd, struct compat_msghdr __user *, msg, unsigned int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return __sys_sendmsg(fd, (struct user_msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
- }
- COMPAT_SYSCALL_DEFINE4(sendmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
- unsigned int, vlen, unsigned int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
- flags | MSG_CMSG_COMPAT);
- }
- COMPAT_SYSCALL_DEFINE3(recvmsg, int, fd, struct compat_msghdr __user *, msg, unsigned int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return __sys_recvmsg(fd, (struct user_msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
- }
- COMPAT_SYSCALL_DEFINE4(recv, int, fd, void __user *, buf, compat_size_t, len, unsigned int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return sys_recv(fd, buf, len, flags | MSG_CMSG_COMPAT);
- }
- @@ -740,6 +772,11 @@
- unsigned int, flags, struct sockaddr __user *, addr,
- int __user *, addrlen)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- return sys_recvfrom(fd, buf, len, flags | MSG_CMSG_COMPAT, addr, addrlen);
- }
- @@ -750,6 +787,11 @@
- int datagrams;
- struct timespec ktspec;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (timeout == NULL)
- return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
- flags | MSG_CMSG_COMPAT, NULL);
- @@ -771,6 +813,11 @@
- u32 a[6];
- u32 a0, a1;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (call < SYS_SOCKET || call > SYS_SENDMMSG)
- return -EINVAL;
- if (copy_from_user(a, args, nas[call]))
- diff -aur linux-4.2/net/socket.c linux-4.2.tsarn1/net/socket.c
- --- linux-4.2/net/socket.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/net/socket.c 2016-02-08 16:51:12.711226361 +0300
- @@ -1222,6 +1222,11 @@
- struct socket *sock;
- int flags;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /* Check the SOCK_* constants for consistency. */
- BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
- BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
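Review bot: The denial is hand-inserted ahead of a path that already reaches the `security_socket_create()` LSM hook inside `sock_create()` (not visible in this hunk), and the same holds for bind, connect, listen, accept, sendmsg/recvmsg and the sockopt calls, each of which has a dedicated `security_socket_*` hook. Expressing the sandbox as an LSM, or as a seccomp filter for the purely syscall-level rules, would give one enforcement point that also covers the compat and `socketcall` entries, instead of a macro repeated at every syscall body. If the out-of-tree checks are kept, a comment at each site naming the LSM hook it duplicates would at least make the coverage auditable. `sys_socket()` continues past the hunk.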
- @@ -1265,6 +1270,11 @@
- struct file *newfile1, *newfile2;
- int flags;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- flags = type & ~SOCK_TYPE_MASK;
- if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
- return -EINVAL;
- @@ -1372,6 +1382,11 @@
- struct sockaddr_storage address;
- int err, fput_needed;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- sock = sockfd_lookup_light(fd, &err, &fput_needed);
- if (sock) {
- err = move_addr_to_kernel(umyaddr, addrlen, &address);
- @@ -1401,6 +1416,11 @@
- int err, fput_needed;
- int somaxconn;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- sock = sockfd_lookup_light(fd, &err, &fput_needed);
- if (sock) {
- somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
- @@ -1436,6 +1456,11 @@
- int err, len, newfd, fput_needed;
- struct sockaddr_storage address;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
- return -EINVAL;
- @@ -1534,6 +1559,11 @@
- struct sockaddr_storage address;
- int err, fput_needed;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- sock = sockfd_lookup_light(fd, &err, &fput_needed);
- if (!sock)
- goto out;
- @@ -1566,6 +1596,11 @@
- struct sockaddr_storage address;
- int len, err, fput_needed;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- sock = sockfd_lookup_light(fd, &err, &fput_needed);
- if (!sock)
- goto out;
- @@ -1597,6 +1632,11 @@
- struct sockaddr_storage address;
- int len, err, fput_needed;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- sock = sockfd_lookup_light(fd, &err, &fput_needed);
- if (sock != NULL) {
- err = security_socket_getpeername(sock);
- @@ -1633,6 +1673,11 @@
- struct iovec iov;
- int fput_needed;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
- if (unlikely(err))
- return err;
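Review bot: Denying `sendto()` here does not stop a restricted task from transmitting on a socket descriptor it already holds (inherited from the supervisor or created before the flag was set): `write()`, `writev()`, `sendfile()` and `splice()` on a socket fd reach `sock_sendmsg()` without passing through this syscall, and nothing in the visible patch intercepts those paths. If the intent is "no network I/O", the check belongs in `sock_sendmsg()`/`sock_recvmsg()` or the `security_socket_sendmsg()`/`security_socket_recvmsg()` hooks, and the same reasoning applies to the `recvfrom()` hunk versus `read()`. If only new connections are meant to be blocked, a comment stating that inherited sockets remain usable would avoid a false sense of isolation. The function continues past the hunk.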
- @@ -1689,6 +1734,11 @@
- int err, err2;
- int fput_needed;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
- if (unlikely(err))
- return err;
- @@ -1739,6 +1789,11 @@
- int err, fput_needed;
- struct socket *sock;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (optlen < 0)
- return -EINVAL;
- @@ -1773,6 +1828,11 @@
- int err, fput_needed;
- struct socket *sock;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- sock = sockfd_lookup_light(fd, &err, &fput_needed);
- if (sock != NULL) {
- err = security_socket_getsockopt(sock, level, optname);
- @@ -1802,6 +1862,11 @@
- int err, fput_needed;
- struct socket *sock;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- sock = sockfd_lookup_light(fd, &err, &fput_needed);
- if (sock != NULL) {
- err = security_socket_shutdown(sock, how);
- @@ -1992,6 +2057,11 @@
- SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (flags & MSG_CMSG_COMPAT)
- return -EINVAL;
- return __sys_sendmsg(fd, msg, flags);
- @@ -2060,6 +2130,11 @@
- SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
- unsigned int, vlen, unsigned int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (flags & MSG_CMSG_COMPAT)
- return -EINVAL;
- return __sys_sendmmsg(fd, mmsg, vlen, flags);
- @@ -2157,6 +2232,11 @@
- SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
- unsigned int, flags)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (flags & MSG_CMSG_COMPAT)
- return -EINVAL;
- return __sys_recvmsg(fd, msg, flags);
- @@ -2277,6 +2357,11 @@
- int datagrams;
- struct timespec timeout_sys;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (flags & MSG_CMSG_COMPAT)
- return -EINVAL;
- @@ -2322,6 +2407,11 @@
- int err;
- unsigned int len;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- if (call < 1 || call > SYS_SENDMMSG)
- return -EINVAL;
- Only in linux-4.2.tsarn1/net: socket.c.orig
- diff -aur linux-4.2/security/keys/keyctl.c linux-4.2.tsarn1/security/keys/keyctl.c
- --- linux-4.2/security/keys/keyctl.c 2015-08-30 21:34:09.000000000 +0300
- +++ linux-4.2.tsarn1/security/keys/keyctl.c 2016-02-08 16:51:12.711226361 +0300
- @@ -69,6 +69,11 @@
- long ret;
- bool vm;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- ret = -EINVAL;
- if (plen > 1024 * 1024 - 1)
- goto error;
- @@ -173,6 +178,11 @@
- char type[32], *description, *callout_info;
- long ret;
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- /* pull the type into kernel space */
- ret = key_get_type_from_user(type, _type, sizeof(type));
- if (ret < 0)
- @@ -1559,6 +1569,11 @@
- SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
- unsigned long, arg4, unsigned long, arg5)
- {
- + if (SBOX_IS_RESTRICTED()) {
- + SBOX_SET_SECURITY_ERR();
- + return -EPERM;
- + }
- +
- switch (option) {
- case KEYCTL_GET_KEYRING_ID:
- return keyctl_get_keyring_ID((key_serial_t) arg2,
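Review bot: The blanket `-EPERM` plus `SBOX_SET_SECURITY_ERR()` placed before `switch (option)` treats read-only operations such as `KEYCTL_GET_KEYRING_ID` or `KEYCTL_DESCRIBE` the same as key creation, instantiation or linking, so any userspace library that merely probes the session keyring (Kerberos credential caches are one example) will be recorded as a security violation although nothing is disclosed. If that is intended, a one-line comment above the check should say so; otherwise consider deciding per `option`, keeping the hard denial for the operations that create, link, update or instantiate keys. The `switch` continues past the hunk.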