From: Stanislav Ievlev <inger@altlinux.ru>
To: devel@altlinux.ru
Subject: [devel] RC redirect - 2.0
Date: Tue, 17 Jul 2001 17:47:19 +0400
Message-ID: <3B5441E7.2020201@altlinux.ru> (raw)
[-- Attachment #1: Type: text/plain, Size: 498 bytes --]
Для любителей копаться в ядре второе поколение патча для перенаправления
по RC-ролям
на этот раз это перенаправление по каталогам
Как заводится:
1. Создается каталог /tmp/redirect
2. Создаются подкаталоги /tmp/redirect/1, /tmp/redirect/2,...
3. Устанавливается rc_initial_role для /tmp/redirect в 99.
4. Теперь при заходе в каталог /tmp/redirect пользователь будет реально
попадать в /tmp/redirect/<role-num>
Патч прилагается (патчатся d_path() и path_walk() )
------------
Станислав Иевлев.
[-- Attachment #2: rsbac-rc-redirect-2.patch --]
[-- Type: text/plain, Size: 6121 bytes --]
diff -Naur linux.orig/fs/dcache.c linux/fs/dcache.c
--- linux.orig/fs/dcache.c Tue Jul 17 17:19:14 2001
+++ linux/fs/dcache.c Tue Jul 17 17:20:55 2001
@@ -26,6 +26,14 @@
#include <asm/uaccess.h>
+//REDIRECTION
+/* RSBAC */
+#ifdef CONFIG_RSBAC
+#include <rsbac/adf.h>
+#include <rsbac/fs.h>
+#endif
+//REDIRECTION
+
#define DCACHE_PARANOIA 1
/* #define DCACHE_DEBUG 1 */
@@ -948,6 +956,10 @@
char * end = buffer+buflen;
char * retval;
int namelen;
+//REDIRECTION
+ union rsbac_target_id_t redir_rsbac_target_id;
+ union rsbac_attribute_value_t redir_rsbac_attribute_value;
+//REDIRECTION
*--end = '\0';
buflen--;
@@ -963,7 +975,7 @@
for (;;) {
struct dentry * parent;
-
+
if (dentry == root && vfsmnt == rootmnt)
break;
if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
@@ -974,6 +986,29 @@
vfsmnt = vfsmnt->mnt_parent;
continue;
}
+//REDIRECTION
+ redir_rsbac_target_id.dir.device = dentry->d_parent->d_inode->i_dev;
+ redir_rsbac_target_id.dir.inode = dentry->d_parent->d_inode->i_ino;
+ redir_rsbac_target_id.dir.dentry_p = dentry->d_parent;
+ redir_rsbac_attribute_value.dummy = 0;
+
+ if (rsbac_get_attr(T_DIR,
+ redir_rsbac_target_id,
+ A_rc_initial_role,
+ &redir_rsbac_attribute_value,
+ FALSE))
+ {
+ printk(KERN_WARNING "d_path(): rsbac_get_attr() returned error!\n");
+ }
+
+ if (redir_rsbac_attribute_value.rc_initial_role==99){
+ //printk("d_path: super dir!\n");
+ dentry = dentry->d_parent;
+ continue;
+ }
+ //printk(KERN_EMERG "d_path: %lu\n",dentry->d_inode->i_ino);
+//REDIRECTION
+
parent = dentry->d_parent;
namelen = dentry->d_name.len;
buflen -= namelen + 1;
diff -Naur linux.orig/fs/namei.c linux/fs/namei.c
--- linux.orig/fs/namei.c Tue Jul 17 17:19:37 2001
+++ linux/fs/namei.c Tue Jul 17 16:56:52 2001
@@ -453,6 +453,11 @@
union rsbac_target_id_t rsbac_target_id;
union rsbac_attribute_value_t rsbac_attribute_value;
#endif
+//REDIRECTION
+ union rsbac_target_id_t redir_rsbac_target_id;
+ union rsbac_attribute_value_t redir_rsbac_attribute_value;
+//REDIRECTION
+
while (*name=='/')
name++;
@@ -513,6 +518,7 @@
while (*++name == '/');
if (!*name)
goto last_with_slashes;
+
/*
* "." and ".." are special - ".." especially so because it has
@@ -531,6 +537,7 @@
case 1:
continue;
}
+
/*
* See if the low-level filesystem might want
* to use its own hash..
@@ -579,6 +586,59 @@
err = -ENOTDIR;
if (!inode->i_op->lookup)
break;
+
+//REDIRECTION
+ if (inode){
+ redir_rsbac_target_id.dir.device = inode->i_dev;
+ redir_rsbac_target_id.dir.inode = inode->i_ino;
+ redir_rsbac_target_id.dir.dentry_p = nd->dentry;
+ redir_rsbac_attribute_value.dummy = 0;
+
+ if (rsbac_get_attr(T_DIR,
+ redir_rsbac_target_id,
+ A_rc_initial_role,
+ &redir_rsbac_attribute_value,
+ FALSE))
+ {
+ printk(KERN_WARNING "path_walk(): rsbac_get_attr() returned error!\n");
+ }
+
+ if (redir_rsbac_attribute_value.rc_initial_role==99)
+ {
+ char *new_name=kmalloc(10,GFP_KERNEL);
+ int new_error;
+ unsigned int old_lookup_flags = nd->flags;
+
+ redir_rsbac_target_id.process = current->pid;
+ if (rsbac_get_attr(T_PROCESS,
+ redir_rsbac_target_id,
+ A_rc_role,
+ &redir_rsbac_attribute_value,
+ FALSE))
+ {
+ printk(KERN_WARNING "path_walk(): rsbac_get_attr() returned error!\n");
+ }
+
+ sprintf(new_name,"%u",redir_rsbac_attribute_value.rc_role);
+ nd->flags=LOOKUP_FOLLOW|LOOKUP_POSITIVE;
+ //strcpy (new_name,"2");
+
+ new_error=path_walk(new_name,nd);
+ nd->flags=old_lookup_flags;
+
+ if (new_error>=0)
+ {
+ //printk (KERN_EMERG "1>> REDIRECT %s %lu\n",new_name,nd->dentry->d_inode->i_ino);
+ dentry=nd->dentry;
+ inode=dentry->d_inode;
+ };
+
+ kfree(new_name);
+ }
+ //printk(KERN_EMERG "1>>`%s` %lu\n",this.name,inode->i_ino);
+ }
+//REDIRECTION
+
continue;
/* here ends the main loop */
@@ -633,6 +693,58 @@
if (!inode->i_op || !inode->i_op->lookup)
break;
}
+//REDIRECTION
+ if (inode){
+ redir_rsbac_target_id.dir.device = inode->i_dev;
+ redir_rsbac_target_id.dir.inode = inode->i_ino;
+ redir_rsbac_target_id.dir.dentry_p = nd->dentry;
+ redir_rsbac_attribute_value.dummy = 0;
+
+ if (rsbac_get_attr(T_DIR,
+ redir_rsbac_target_id,
+ A_rc_initial_role,
+ &redir_rsbac_attribute_value,
+ FALSE))
+ {
+ printk(KERN_WARNING "path_walk()-2: rsbac_get_attr() returned error!\n");
+ }
+
+ if (redir_rsbac_attribute_value.rc_initial_role==99)
+ {
+ char *new_name=kmalloc(10,GFP_KERNEL);
+ int new_error;
+ unsigned int old_lookup_flags = nd->flags;
+
+ redir_rsbac_target_id.process = current->pid;
+ if (rsbac_get_attr(T_PROCESS,
+ redir_rsbac_target_id,
+ A_rc_role,
+ &redir_rsbac_attribute_value,
+ FALSE))
+ {
+ printk(KERN_WARNING "path_walk()-2: rsbac_get_attr() returned error!\n");
+ }
+
+ sprintf(new_name,"%u",redir_rsbac_attribute_value.rc_role);
+
+ nd->flags=LOOKUP_FOLLOW|LOOKUP_POSITIVE;
+ //strcpy (new_name,"2");
+
+ new_error=path_walk(new_name,nd);
+ nd->flags=old_lookup_flags;
+
+ if (new_error>=0)
+ {
+ //printk (KERN_EMERG "2>> REDIRECT %s %lu\n",new_name,nd->dentry->d_inode->i_ino);
+ dentry=nd->dentry;
+ inode=dentry->d_inode;
+ };
+
+ kfree(new_name);
+ }
+ //printk(KERN_EMERG "2>>`%s` %lu\n",this.name,inode->i_ino);
+ }
+//REDIRECTION
goto return_base;
no_inode:
err = -ENOENT;
reply other threads:[~2001-07-17 13:47 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3B5441E7.2020201@altlinux.ru \
--to=inger@altlinux.ru \
--cc=devel@altlinux.ru \
--cc=devel@linux.iplabs.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git