# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.558 -> 1.559
# arch/x86_64/ia32/ia32_ioctl.c 1.5 -> 1.6
# drivers/block/swim_iop.c 1.3 -> 1.4
# arch/i386/kernel/mtrr.c 1.16 -> 1.17
# drivers/char/rio/rio_linux.c 1.8 -> 1.9
# drivers/scsi/cpqfcTSinit.c 1.13 -> 1.14
# drivers/char/rocket.c 1.10 -> 1.11
# drivers/block/cpqarray.c 1.30 -> 1.31
# drivers/pcmcia/ds.c 1.12 -> 1.13
# arch/x86_64/kernel/mtrr.c 1.2 -> 1.3
# arch/sparc64/kernel/ioctl32.c 1.26 -> 1.27
# drivers/block/swim3.c 1.4 -> 1.5
# drivers/char/serial167.c 1.7 -> 1.8
# drivers/media/video/zr36120.c 1.14 -> 1.15
# drivers/char/ip2main.c 1.9 -> 1.10
# drivers/char/tty_io.c 1.23 -> 1.24
# drivers/char/mxser.c 1.10 -> 1.11
# drivers/char/vt.c 1.9 -> 1.10
# drivers/s390/char/tubtty.c 1.4 -> 1.5
# drivers/char/moxa.c 1.9 -> 1.10
# arch/ppc64/kernel/ioctl32.c 1.3 -> 1.4
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/04/26 [email protected] 1.559
# Changed suser() to capable(CAP_SYS_ADMIN) in various places.
# --------------------------------------------
#
diff -Nru a/arch/i386/kernel/mtrr.c b/arch/i386/kernel/mtrr.c
--- a/arch/i386/kernel/mtrr.c Fri Apr 26 18:34:23 2002
+++ b/arch/i386/kernel/mtrr.c Fri Apr 26 18:34:23 2002
@@ -1659,7 +1659,7 @@
char *ptr;
char line[LINE_SIZE];
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN)) return -EPERM;
/* Can't seek (pwrite) on this device */
if (ppos != &file->f_pos) return -ESPIPE;
memset (line, 0, LINE_SIZE);
@@ -1727,28 +1727,28 @@
default:
return -ENOIOCTLCMD;
case MTRRIOC_ADD_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( ! capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_add (sentry.base, sentry.size, sentry.type, 1, file, 0);
if (err < 0) return err;
break;
case MTRRIOC_SET_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_add (sentry.base, sentry.size, sentry.type, 0);
if (err < 0) return err;
break;
case MTRRIOC_DEL_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_del (sentry.base, sentry.size, file, 0);
if (err < 0) return err;
break;
case MTRRIOC_KILL_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_del (-1, sentry.base, sentry.size);
@@ -1773,28 +1773,28 @@
return -EFAULT;
break;
case MTRRIOC_ADD_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_add (sentry.base, sentry.size, sentry.type, 1, file, 1);
if (err < 0) return err;
break;
case MTRRIOC_SET_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_add_page (sentry.base, sentry.size, sentry.type, 0);
if (err < 0) return err;
break;
case MTRRIOC_DEL_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_del (sentry.base, sentry.size, file, 1);
if (err < 0) return err;
break;
case MTRRIOC_KILL_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_del_page (-1, sentry.base, sentry.size);
diff -Nru a/arch/ppc64/kernel/ioctl32.c b/arch/ppc64/kernel/ioctl32.c
--- a/arch/ppc64/kernel/ioctl32.c Fri Apr 26 18:34:23 2002
+++ b/arch/ppc64/kernel/ioctl32.c Fri Apr 26 18:34:23 2002
@@ -1561,7 +1561,7 @@
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
return 1;
return 0;
}
diff -Nru a/arch/sparc64/kernel/ioctl32.c b/arch/sparc64/kernel/ioctl32.c
--- a/arch/sparc64/kernel/ioctl32.c Fri Apr 26 18:34:23 2002
+++ b/arch/sparc64/kernel/ioctl32.c Fri Apr 26 18:34:23 2002
@@ -2060,7 +2060,7 @@
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
return 1;
return 0;
}
diff -Nru a/arch/x86_64/ia32/ia32_ioctl.c b/arch/x86_64/ia32/ia32_ioctl.c
--- a/arch/x86_64/ia32/ia32_ioctl.c Fri Apr 26 18:34:23 2002
+++ b/arch/x86_64/ia32/ia32_ioctl.c Fri Apr 26 18:34:23 2002
@@ -1650,7 +1650,7 @@
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
return 1;
return 0;
}
diff -Nru a/arch/x86_64/kernel/mtrr.c b/arch/x86_64/kernel/mtrr.c
--- a/arch/x86_64/kernel/mtrr.c Fri Apr 26 18:34:23 2002
+++ b/arch/x86_64/kernel/mtrr.c Fri Apr 26 18:34:23 2002
@@ -983,7 +983,7 @@
char *ptr;
char line[LINE_SIZE];
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
/* Can't seek (pwrite) on this device */
@@ -1071,7 +1071,7 @@
return -ENOIOCTLCMD;
case MTRRIOC_ADD_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1083,7 +1083,7 @@
break;
case MTRRIOC_SET_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1093,7 +1093,7 @@
break;
case MTRRIOC_DEL_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1103,7 +1103,7 @@
break;
case MTRRIOC_KILL_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1134,7 +1134,7 @@
break;
case MTRRIOC_ADD_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1146,7 +1146,7 @@
break;
case MTRRIOC_SET_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1156,7 +1156,7 @@
break;
case MTRRIOC_DEL_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1166,7 +1166,7 @@
break;
case MTRRIOC_KILL_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
diff -Nru a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
--- a/drivers/block/cpqarray.c Fri Apr 26 18:34:23 2002
+++ b/drivers/block/cpqarray.c Fri Apr 26 18:34:23 2002
@@ -787,7 +787,7 @@
if (ctlr > MAX_CTLR || hba[ctlr] == NULL)
return -ENXIO;
- if (!suser() && ida_sizes[(ctlr << CTLR_SHIFT) +
+ if (!capable(CAP_SYS_ADMIN) && ida_sizes[(ctlr << CTLR_SHIFT) +
minor(inode->i_rdev)] == 0)
return -ENXIO;
@@ -797,7 +797,7 @@
* but I'm already using way to many device nodes to claim another one
* for "raw controller".
*/
- if (suser()
+ if (capable(CAP_SYS_ADMIN)
&& ida_sizes[(ctlr << CTLR_SHIFT) + minor(inode->i_rdev)] == 0
&& minor(inode->i_rdev) != 0)
return -ENXIO;
@@ -1139,7 +1139,7 @@
case BLKRRPART:
return revalidate_logvol(inode->i_rdev, 1);
case IDAPASSTHRU:
- if (!suser()) return -EPERM;
+ if (!capable(CAP_SYS_ADMIN)) return -EPERM;
error = copy_from_user(&my_io, io, sizeof(my_io));
if (error) return error;
error = ida_ctlr_ioctl(ctlr, dsk, &my_io);
diff -Nru a/drivers/block/swim3.c b/drivers/block/swim3.c
--- a/drivers/block/swim3.c Fri Apr 26 18:34:23 2002
+++ b/drivers/block/swim3.c Fri Apr 26 18:34:23 2002
@@ -821,7 +821,7 @@
if (devnum >= floppy_count)
return -ENODEV;
- if ((cmd & 0x80) && !suser())
+ if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
diff -Nru a/drivers/block/swim_iop.c b/drivers/block/swim_iop.c
--- a/drivers/block/swim_iop.c Fri Apr 26 18:34:23 2002
+++ b/drivers/block/swim_iop.c Fri Apr 26 18:34:23 2002
@@ -349,7 +349,7 @@
if (devnum >= floppy_count)
return -ENODEV;
- if ((cmd & 0x80) && !suser())
+ if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
diff -Nru a/drivers/char/ip2main.c b/drivers/char/ip2main.c
--- a/drivers/char/ip2main.c Fri Apr 26 18:34:23 2002
+++ b/drivers/char/ip2main.c Fri Apr 26 18:34:23 2002
@@ -2660,7 +2660,7 @@
old_flags = pCh->flags;
old_baud_divisor = pCh->BaudDivisor;
- if ( !suser() ) {
+ if ( !capable(CAP_SYS_ADMIN) ) {
if ( ( ns.close_delay != pCh->ClosingDelay ) ||
( (ns.flags & ~ASYNC_USR_MASK) !=
(pCh->flags & ~ASYNC_USR_MASK) ) ) {
diff -Nru a/drivers/char/moxa.c b/drivers/char/moxa.c
--- a/drivers/char/moxa.c Fri Apr 26 18:34:23 2002
+++ b/drivers/char/moxa.c Fri Apr 26 18:34:23 2002
@@ -2799,7 +2799,7 @@
(new_serial.baud_base != 921600))
return (-EPERM);
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if (((new_serial.flags & ~ASYNC_USR_MASK) !=
(info->asyncflags & ~ASYNC_USR_MASK)))
return (-EPERM);
diff -Nru a/drivers/char/mxser.c b/drivers/char/mxser.c
--- a/drivers/char/mxser.c Fri Apr 26 18:34:23 2002
+++ b/drivers/char/mxser.c Fri Apr 26 18:34:23 2002
@@ -2199,7 +2199,7 @@
flags = info->flags & ASYNC_SPD_MASK;
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.baud_base != info->baud_base) ||
(new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ~ASYNC_USR_MASK) !=
diff -Nru a/drivers/char/rio/rio_linux.c b/drivers/char/rio/rio_linux.c
--- a/drivers/char/rio/rio_linux.c Fri Apr 26 18:34:23 2002
+++ b/drivers/char/rio/rio_linux.c Fri Apr 26 18:34:23 2002
@@ -702,7 +702,7 @@
func_enter();
/* The "dev" argument isn't used. */
- rc = -riocontrol (p, 0, cmd, (void *)arg, suser ());
+ rc = -riocontrol (p, 0, cmd, (void *)arg, capable(CAP_SYS_ADMIN));
func_exit ();
return rc;
diff -Nru a/drivers/char/rocket.c b/drivers/char/rocket.c
--- a/drivers/char/rocket.c Fri Apr 26 18:34:23 2002
+++ b/drivers/char/rocket.c Fri Apr 26 18:34:23 2002
@@ -1238,11 +1238,7 @@
if (copy_from_user(&new_serial, new_info, sizeof(new_serial)))
return -EFAULT;
-#ifdef CAP_SYS_ADMIN
if (!capable(CAP_SYS_ADMIN))
-#else
- if (!suser())
-#endif
{
if ((new_serial.flags & ~ROCKET_USR_MASK) !=
(info->flags & ~ROCKET_USR_MASK))
diff -Nru a/drivers/char/serial167.c b/drivers/char/serial167.c
--- a/drivers/char/serial167.c Fri Apr 26 18:34:23 2002
+++ b/drivers/char/serial167.c Fri Apr 26 18:34:23 2002
@@ -1472,7 +1472,7 @@
return -EFAULT;
old_info = *info;
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ASYNC_FLAGS & ~ASYNC_USR_MASK) !=
(info->flags & ASYNC_FLAGS & ~ASYNC_USR_MASK)))
diff -Nru a/drivers/char/tty_io.c b/drivers/char/tty_io.c
--- a/drivers/char/tty_io.c Fri Apr 26 18:34:23 2002
+++ b/drivers/char/tty_io.c Fri Apr 26 18:34:23 2002
@@ -1370,7 +1370,7 @@
retval = -ENODEV;
filp->f_flags = saved_flags;
- if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
+ if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
retval = -EBUSY;
if (retval) {
@@ -1472,7 +1472,7 @@
{
char ch, mbz = 0;
- if ((current->tty != tty) && !suser())
+ if ((current->tty != tty) && !capable(CAP_SYS_ADMIN))
return -EPERM;
if (get_user(ch, arg))
return -EFAULT;
@@ -1510,7 +1510,7 @@
{
if (IS_SYSCONS_DEV(inode->i_rdev) ||
IS_CONSOLE_DEV(inode->i_rdev)) {
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
redirect = NULL;
return 0;
@@ -1552,7 +1552,7 @@
* This tty is already the controlling
* tty for another session group!
*/
- if ((arg == 1) && suser()) {
+ if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
/*
* Steal it away
*/
diff -Nru a/drivers/char/vt.c b/drivers/char/vt.c
--- a/drivers/char/vt.c Fri Apr 26 18:34:23 2002
+++ b/drivers/char/vt.c Fri Apr 26 18:34:23 2002
@@ -443,7 +443,7 @@
* to be the owner of the tty, or super-user.
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
perm = 1;
kbd = kbd_table + console;
@@ -1038,12 +1038,12 @@
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
vt_dont_switch = 0;
return 0;
diff -Nru a/drivers/media/video/zr36120.c b/drivers/media/video/zr36120.c
--- a/drivers/media/video/zr36120.c Fri Apr 26 18:34:23 2002
+++ b/drivers/media/video/zr36120.c Fri Apr 26 18:34:23 2002
@@ -1294,7 +1294,7 @@
#if LINUX_VERSION_CODE >= 0x020100
if(!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_ADMIN))
#else
- if(!suser())
+ if(!capable(CAP_SYS_ADMIN))
#endif
return -EPERM;
if (copy_from_user(&v, arg,sizeof(v)))
diff -Nru a/drivers/pcmcia/ds.c b/drivers/pcmcia/ds.c
--- a/drivers/pcmcia/ds.c Fri Apr 26 18:34:23 2002
+++ b/drivers/pcmcia/ds.c Fri Apr 26 18:34:23 2002
@@ -830,7 +830,7 @@
err = unbind_request(i, &buf.bind_info);
break;
case DS_BIND_MTD:
- if (!suser()) return -EPERM;
+ if (!capable(CAP_SYS_ADMIN)) return -EPERM;
err = bind_mtd(i, &buf.mtd_info);
break;
default:
diff -Nru a/drivers/s390/char/tubtty.c b/drivers/s390/char/tubtty.c
--- a/drivers/s390/char/tubtty.c Fri Apr 26 18:34:23 2002
+++ b/drivers/s390/char/tubtty.c Fri Apr 26 18:34:23 2002
@@ -561,7 +561,7 @@
/*
* Superuser-mode settings affect the driver overall ---
*/
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
return -EPERM;
} else if (strncmp(mybuf, "index=", 6) == 0) {
tty3270_proc_index = simple_strtoul(mybuf + 6, 0,0);
diff -Nru a/drivers/scsi/cpqfcTSinit.c b/drivers/scsi/cpqfcTSinit.c
--- a/drivers/scsi/cpqfcTSinit.c Fri Apr 26 18:34:23 2002
+++ b/drivers/scsi/cpqfcTSinit.c Fri Apr 26 18:34:23 2002
@@ -532,7 +532,7 @@
// must be super user to send stuff directly to the
// controller and/or physical drives...
- if( !suser() )
+ if( !capable(CAP_SYS_ADMIN) )
return -EPERM;
// copy the caller's struct to our space.
> case IDAPASSTHRU:
> - if (!suser()) return -EPERM;
> + if (!capable(CAP_SYS_ADMIN)) return -EPERM;
The cpqarray ones should be CAP_SYS_RAWIO
> diff -Nru a/drivers/scsi/cpqfcTSinit.c b/drivers/scsi/cpqfcTSinit.c
> --- a/drivers/scsi/cpqfcTSinit.c Fri Apr 26 18:34:23 2002
> +++ b/drivers/scsi/cpqfcTSinit.c Fri Apr 26 18:34:23 2002
> @@ -532,7 +532,7 @@
> =20
> // must be super user to send stuff directly to the
> // controller and/or physical drives...
> - if( !suser() )
> + if( !capable(CAP_SYS_ADMIN) )
Also RAWIO
Basically - stuff giving raw hardware access sohuld be CAP_SYS_RAWIO, the
others CAP_SYS_ADMIN is a good general case, but as you change then check
its appropriate
diff -Nru a/arch/i386/kernel/mtrr.c b/arch/i386/kernel/mtrr.c
--- a/arch/i386/kernel/mtrr.c Sat Apr 27 19:14:55 2002
+++ b/arch/i386/kernel/mtrr.c Sat Apr 27 19:14:55 2002
@@ -1659,7 +1659,7 @@
char *ptr;
char line[LINE_SIZE];
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN)) return -EPERM;
/* Can't seek (pwrite) on this device */
if (ppos != &file->f_pos) return -ESPIPE;
memset (line, 0, LINE_SIZE);
@@ -1727,28 +1727,28 @@
default:
return -ENOIOCTLCMD;
case MTRRIOC_ADD_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( ! capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_add (sentry.base, sentry.size, sentry.type, 1, file, 0);
if (err < 0) return err;
break;
case MTRRIOC_SET_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_add (sentry.base, sentry.size, sentry.type, 0);
if (err < 0) return err;
break;
case MTRRIOC_DEL_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_del (sentry.base, sentry.size, file, 0);
if (err < 0) return err;
break;
case MTRRIOC_KILL_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_del (-1, sentry.base, sentry.size);
@@ -1773,28 +1773,28 @@
return -EFAULT;
break;
case MTRRIOC_ADD_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_add (sentry.base, sentry.size, sentry.type, 1, file, 1);
if (err < 0) return err;
break;
case MTRRIOC_SET_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_add_page (sentry.base, sentry.size, sentry.type, 0);
if (err < 0) return err;
break;
case MTRRIOC_DEL_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_del (sentry.base, sentry.size, file, 1);
if (err < 0) return err;
break;
case MTRRIOC_KILL_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_del_page (-1, sentry.base, sentry.size);
diff -Nru a/arch/ppc64/kernel/ioctl32.c b/arch/ppc64/kernel/ioctl32.c
--- a/arch/ppc64/kernel/ioctl32.c Sat Apr 27 19:14:56 2002
+++ b/arch/ppc64/kernel/ioctl32.c Sat Apr 27 19:14:56 2002
@@ -1561,7 +1561,7 @@
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
return 1;
return 0;
}
diff -Nru a/arch/sparc64/kernel/ioctl32.c b/arch/sparc64/kernel/ioctl32.c
--- a/arch/sparc64/kernel/ioctl32.c Sat Apr 27 19:14:55 2002
+++ b/arch/sparc64/kernel/ioctl32.c Sat Apr 27 19:14:55 2002
@@ -2060,7 +2060,7 @@
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
return 1;
return 0;
}
diff -Nru a/arch/x86_64/ia32/ia32_ioctl.c b/arch/x86_64/ia32/ia32_ioctl.c
--- a/arch/x86_64/ia32/ia32_ioctl.c Sat Apr 27 19:14:55 2002
+++ b/arch/x86_64/ia32/ia32_ioctl.c Sat Apr 27 19:14:55 2002
@@ -1650,7 +1650,7 @@
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
return 1;
return 0;
}
diff -Nru a/arch/x86_64/kernel/mtrr.c b/arch/x86_64/kernel/mtrr.c
--- a/arch/x86_64/kernel/mtrr.c Sat Apr 27 19:14:55 2002
+++ b/arch/x86_64/kernel/mtrr.c Sat Apr 27 19:14:55 2002
@@ -983,7 +983,7 @@
char *ptr;
char line[LINE_SIZE];
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
/* Can't seek (pwrite) on this device */
@@ -1071,7 +1071,7 @@
return -ENOIOCTLCMD;
case MTRRIOC_ADD_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1083,7 +1083,7 @@
break;
case MTRRIOC_SET_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1093,7 +1093,7 @@
break;
case MTRRIOC_DEL_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1103,7 +1103,7 @@
break;
case MTRRIOC_KILL_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1134,7 +1134,7 @@
break;
case MTRRIOC_ADD_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1146,7 +1146,7 @@
break;
case MTRRIOC_SET_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1156,7 +1156,7 @@
break;
case MTRRIOC_DEL_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1166,7 +1166,7 @@
break;
case MTRRIOC_KILL_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
diff -Nru a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
--- a/drivers/block/cpqarray.c Sat Apr 27 19:14:55 2002
+++ b/drivers/block/cpqarray.c Sat Apr 27 19:14:55 2002
@@ -787,7 +787,7 @@
if (ctlr > MAX_CTLR || hba[ctlr] == NULL)
return -ENXIO;
- if (!suser() && ida_sizes[(ctlr << CTLR_SHIFT) +
+ if (!capable(CAP_SYS_ADMIN) && ida_sizes[(ctlr << CTLR_SHIFT) +
minor(inode->i_rdev)] == 0)
return -ENXIO;
@@ -797,7 +797,7 @@
* but I'm already using way to many device nodes to claim another one
* for "raw controller".
*/
- if (suser()
+ if (capable(CAP_SYS_ADMIN)
&& ida_sizes[(ctlr << CTLR_SHIFT) + minor(inode->i_rdev)] == 0
&& minor(inode->i_rdev) != 0)
return -ENXIO;
@@ -1139,7 +1139,7 @@
case BLKRRPART:
return revalidate_logvol(inode->i_rdev, 1);
case IDAPASSTHRU:
- if (!suser()) return -EPERM;
+ if (!capable(CAP_SYS_ADMIN)) return -EPERM;
error = copy_from_user(&my_io, io, sizeof(my_io));
if (error) return error;
error = ida_ctlr_ioctl(ctlr, dsk, &my_io);
diff -Nru a/drivers/block/swim3.c b/drivers/block/swim3.c
--- a/drivers/block/swim3.c Sat Apr 27 19:14:55 2002
+++ b/drivers/block/swim3.c Sat Apr 27 19:14:55 2002
@@ -821,7 +821,7 @@
if (devnum >= floppy_count)
return -ENODEV;
- if ((cmd & 0x80) && !suser())
+ if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
diff -Nru a/drivers/block/swim_iop.c b/drivers/block/swim_iop.c
--- a/drivers/block/swim_iop.c Sat Apr 27 19:14:55 2002
+++ b/drivers/block/swim_iop.c Sat Apr 27 19:14:55 2002
@@ -349,7 +349,7 @@
if (devnum >= floppy_count)
return -ENODEV;
- if ((cmd & 0x80) && !suser())
+ if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
diff -Nru a/drivers/char/ip2main.c b/drivers/char/ip2main.c
--- a/drivers/char/ip2main.c Sat Apr 27 19:14:56 2002
+++ b/drivers/char/ip2main.c Sat Apr 27 19:14:56 2002
@@ -2660,7 +2660,7 @@
old_flags = pCh->flags;
old_baud_divisor = pCh->BaudDivisor;
- if ( !suser() ) {
+ if ( !capable(CAP_SYS_ADMIN) ) {
if ( ( ns.close_delay != pCh->ClosingDelay ) ||
( (ns.flags & ~ASYNC_USR_MASK) !=
(pCh->flags & ~ASYNC_USR_MASK) ) ) {
diff -Nru a/drivers/char/moxa.c b/drivers/char/moxa.c
--- a/drivers/char/moxa.c Sat Apr 27 19:14:56 2002
+++ b/drivers/char/moxa.c Sat Apr 27 19:14:56 2002
@@ -2799,7 +2799,7 @@
(new_serial.baud_base != 921600))
return (-EPERM);
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if (((new_serial.flags & ~ASYNC_USR_MASK) !=
(info->asyncflags & ~ASYNC_USR_MASK)))
return (-EPERM);
diff -Nru a/drivers/char/mxser.c b/drivers/char/mxser.c
--- a/drivers/char/mxser.c Sat Apr 27 19:14:56 2002
+++ b/drivers/char/mxser.c Sat Apr 27 19:14:56 2002
@@ -2199,7 +2199,7 @@
flags = info->flags & ASYNC_SPD_MASK;
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.baud_base != info->baud_base) ||
(new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ~ASYNC_USR_MASK) !=
diff -Nru a/drivers/char/rio/rio_linux.c b/drivers/char/rio/rio_linux.c
--- a/drivers/char/rio/rio_linux.c Sat Apr 27 19:14:55 2002
+++ b/drivers/char/rio/rio_linux.c Sat Apr 27 19:14:55 2002
@@ -702,7 +702,7 @@
func_enter();
/* The "dev" argument isn't used. */
- rc = -riocontrol (p, 0, cmd, (void *)arg, suser ());
+ rc = -riocontrol (p, 0, cmd, (void *)arg, capable(CAP_SYS_ADMIN));
func_exit ();
return rc;
diff -Nru a/drivers/char/rocket.c b/drivers/char/rocket.c
--- a/drivers/char/rocket.c Sat Apr 27 19:14:55 2002
+++ b/drivers/char/rocket.c Sat Apr 27 19:14:55 2002
@@ -1238,11 +1238,7 @@
if (copy_from_user(&new_serial, new_info, sizeof(new_serial)))
return -EFAULT;
-#ifdef CAP_SYS_ADMIN
if (!capable(CAP_SYS_ADMIN))
-#else
- if (!suser())
-#endif
{
if ((new_serial.flags & ~ROCKET_USR_MASK) !=
(info->flags & ~ROCKET_USR_MASK))
diff -Nru a/drivers/char/serial167.c b/drivers/char/serial167.c
--- a/drivers/char/serial167.c Sat Apr 27 19:14:55 2002
+++ b/drivers/char/serial167.c Sat Apr 27 19:14:55 2002
@@ -1472,7 +1472,7 @@
return -EFAULT;
old_info = *info;
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ASYNC_FLAGS & ~ASYNC_USR_MASK) !=
(info->flags & ASYNC_FLAGS & ~ASYNC_USR_MASK)))
diff -Nru a/drivers/char/tty_io.c b/drivers/char/tty_io.c
--- a/drivers/char/tty_io.c Sat Apr 27 19:14:56 2002
+++ b/drivers/char/tty_io.c Sat Apr 27 19:14:56 2002
@@ -1370,7 +1370,7 @@
retval = -ENODEV;
filp->f_flags = saved_flags;
- if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
+ if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
retval = -EBUSY;
if (retval) {
@@ -1472,7 +1472,7 @@
{
char ch, mbz = 0;
- if ((current->tty != tty) && !suser())
+ if ((current->tty != tty) && !capable(CAP_SYS_ADMIN))
return -EPERM;
if (get_user(ch, arg))
return -EFAULT;
@@ -1510,7 +1510,7 @@
{
if (IS_SYSCONS_DEV(inode->i_rdev) ||
IS_CONSOLE_DEV(inode->i_rdev)) {
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
redirect = NULL;
return 0;
@@ -1552,7 +1552,7 @@
* This tty is already the controlling
* tty for another session group!
*/
- if ((arg == 1) && suser()) {
+ if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
/*
* Steal it away
*/
diff -Nru a/drivers/char/vt.c b/drivers/char/vt.c
--- a/drivers/char/vt.c Sat Apr 27 19:14:56 2002
+++ b/drivers/char/vt.c Sat Apr 27 19:14:56 2002
@@ -443,7 +443,7 @@
* to be the owner of the tty, or super-user.
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
perm = 1;
kbd = kbd_table + console;
@@ -1038,12 +1038,12 @@
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
vt_dont_switch = 0;
return 0;
diff -Nru a/drivers/media/video/zr36120.c b/drivers/media/video/zr36120.c
--- a/drivers/media/video/zr36120.c Sat Apr 27 19:14:55 2002
+++ b/drivers/media/video/zr36120.c Sat Apr 27 19:14:56 2002
@@ -1294,7 +1294,7 @@
#if LINUX_VERSION_CODE >= 0x020100
if(!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_ADMIN))
#else
- if(!suser())
+ if(!capable(CAP_SYS_ADMIN))
#endif
return -EPERM;
if (copy_from_user(&v, arg,sizeof(v)))
diff -Nru a/drivers/pcmcia/ds.c b/drivers/pcmcia/ds.c
--- a/drivers/pcmcia/ds.c Sat Apr 27 19:14:55 2002
+++ b/drivers/pcmcia/ds.c Sat Apr 27 19:14:55 2002
@@ -830,7 +830,7 @@
err = unbind_request(i, &buf.bind_info);
break;
case DS_BIND_MTD:
- if (!suser()) return -EPERM;
+ if (!capable(CAP_SYS_ADMIN)) return -EPERM;
err = bind_mtd(i, &buf.mtd_info);
break;
default:
diff -Nru a/drivers/s390/char/tubtty.c b/drivers/s390/char/tubtty.c
--- a/drivers/s390/char/tubtty.c Sat Apr 27 19:14:56 2002
+++ b/drivers/s390/char/tubtty.c Sat Apr 27 19:14:56 2002
@@ -561,7 +561,7 @@
/*
* Superuser-mode settings affect the driver overall ---
*/
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
return -EPERM;
} else if (strncmp(mybuf, "index=", 6) == 0) {
tty3270_proc_index = simple_strtoul(mybuf + 6, 0,0);
diff -Nru a/drivers/scsi/cpqfcTSinit.c b/drivers/scsi/cpqfcTSinit.c
--- a/drivers/scsi/cpqfcTSinit.c Sat Apr 27 19:14:55 2002
+++ b/drivers/scsi/cpqfcTSinit.c Sat Apr 27 19:14:55 2002
@@ -532,7 +532,7 @@
// must be super user to send stuff directly to the
// controller and/or physical drives...
- if( !suser() )
+ if( !capable(CAP_SYS_ADMIN) )
return -EPERM;
// copy the caller's struct to our space.
* Colin Slater ([email protected]) wrote:
>
> I figured that it would be functionaly equivilent and didn't pay mutch
> more attention to the issue. I've gone through it all again, and changed
> alot of them to CAP_SYS_TTY_CONFIG and CAP_RAW_IO. New patch attached.
Thanks for working on this change, it's been on the LSM todo list as well.
It looks like the patch is still all CAP_SYS_ADMIN, perhaps you attached
the wrong one. I see one fsuser() check in fs/ufs/balloc.c that should
be converted also.
cheers,
-chris
--- 1.8/fs/ufs/balloc.c Sun Feb 10 04:27:35 2002
+++ edited/fs/ufs/balloc.c Sat Apr 27 18:40:22 2002
@@ -288,7 +288,7 @@
/*
* There is not enough space for user on the device
*/
- if (!fsuser() && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
+ if (!capable(CAP_SYS_RESOURCE) && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
unlock_super (sb);
UFSD(("EXIT (FAILED)\n"))
return 0;
diff -Nru a/arch/i386/kernel/mtrr.c b/arch/i386/kernel/mtrr.c
--- a/arch/i386/kernel/mtrr.c Sun Apr 28 12:41:49 2002
+++ b/arch/i386/kernel/mtrr.c Sun Apr 28 12:41:49 2002
@@ -1659,7 +1659,7 @@
char *ptr;
char line[LINE_SIZE];
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN)) return -EPERM;
/* Can't seek (pwrite) on this device */
if (ppos != &file->f_pos) return -ESPIPE;
memset (line, 0, LINE_SIZE);
@@ -1727,28 +1727,28 @@
default:
return -ENOIOCTLCMD;
case MTRRIOC_ADD_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( ! capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_add (sentry.base, sentry.size, sentry.type, 1, file, 0);
if (err < 0) return err;
break;
case MTRRIOC_SET_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_add (sentry.base, sentry.size, sentry.type, 0);
if (err < 0) return err;
break;
case MTRRIOC_DEL_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_del (sentry.base, sentry.size, file, 0);
if (err < 0) return err;
break;
case MTRRIOC_KILL_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_del (-1, sentry.base, sentry.size);
@@ -1773,28 +1773,28 @@
return -EFAULT;
break;
case MTRRIOC_ADD_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_add (sentry.base, sentry.size, sentry.type, 1, file, 1);
if (err < 0) return err;
break;
case MTRRIOC_SET_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_add_page (sentry.base, sentry.size, sentry.type, 0);
if (err < 0) return err;
break;
case MTRRIOC_DEL_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_file_del (sentry.base, sentry.size, file, 1);
if (err < 0) return err;
break;
case MTRRIOC_KILL_PAGE_ENTRY:
- if ( !suser () ) return -EPERM;
+ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) )
return -EFAULT;
err = mtrr_del_page (-1, sentry.base, sentry.size);
diff -Nru a/arch/ppc64/kernel/ioctl32.c b/arch/ppc64/kernel/ioctl32.c
--- a/arch/ppc64/kernel/ioctl32.c Sun Apr 28 12:41:49 2002
+++ b/arch/ppc64/kernel/ioctl32.c Sun Apr 28 12:41:49 2002
@@ -1559,9 +1559,9 @@
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
diff -Nru a/arch/sparc64/kernel/ioctl32.c b/arch/sparc64/kernel/ioctl32.c
--- a/arch/sparc64/kernel/ioctl32.c Sun Apr 28 12:41:49 2002
+++ b/arch/sparc64/kernel/ioctl32.c Sun Apr 28 12:41:49 2002
@@ -2058,9 +2058,9 @@
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
diff -Nru a/arch/x86_64/ia32/ia32_ioctl.c b/arch/x86_64/ia32/ia32_ioctl.c
--- a/arch/x86_64/ia32/ia32_ioctl.c Sun Apr 28 12:41:49 2002
+++ b/arch/x86_64/ia32/ia32_ioctl.c Sun Apr 28 12:41:49 2002
@@ -1648,9 +1648,9 @@
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
diff -Nru a/arch/x86_64/kernel/mtrr.c b/arch/x86_64/kernel/mtrr.c
--- a/arch/x86_64/kernel/mtrr.c Sun Apr 28 12:41:49 2002
+++ b/arch/x86_64/kernel/mtrr.c Sun Apr 28 12:41:49 2002
@@ -983,7 +983,7 @@
char *ptr;
char line[LINE_SIZE];
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
/* Can't seek (pwrite) on this device */
@@ -1071,7 +1071,7 @@
return -ENOIOCTLCMD;
case MTRRIOC_ADD_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1083,7 +1083,7 @@
break;
case MTRRIOC_SET_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1093,7 +1093,7 @@
break;
case MTRRIOC_DEL_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1103,7 +1103,7 @@
break;
case MTRRIOC_KILL_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1134,7 +1134,7 @@
break;
case MTRRIOC_ADD_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1146,7 +1146,7 @@
break;
case MTRRIOC_SET_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1156,7 +1156,7 @@
break;
case MTRRIOC_DEL_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
@@ -1166,7 +1166,7 @@
break;
case MTRRIOC_KILL_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
diff -Nru a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
--- a/drivers/block/cpqarray.c Sun Apr 28 12:41:49 2002
+++ b/drivers/block/cpqarray.c Sun Apr 28 12:41:49 2002
@@ -787,7 +787,7 @@
if (ctlr > MAX_CTLR || hba[ctlr] == NULL)
return -ENXIO;
- if (!suser() && ida_sizes[(ctlr << CTLR_SHIFT) +
+ if (!capable(CAP_RAW_IO) && ida_sizes[(ctlr << CTLR_SHIFT) +
minor(inode->i_rdev)] == 0)
return -ENXIO;
@@ -797,7 +797,7 @@
* but I'm already using way to many device nodes to claim another one
* for "raw controller".
*/
- if (suser()
+ if (capable(CAP_SYS_ADMIN)
&& ida_sizes[(ctlr << CTLR_SHIFT) + minor(inode->i_rdev)] == 0
&& minor(inode->i_rdev) != 0)
return -ENXIO;
@@ -1139,7 +1139,7 @@
case BLKRRPART:
return revalidate_logvol(inode->i_rdev, 1);
case IDAPASSTHRU:
- if (!suser()) return -EPERM;
+ if (!capable(CAP_RAW_IO)) return -EPERM;
error = copy_from_user(&my_io, io, sizeof(my_io));
if (error) return error;
error = ida_ctlr_ioctl(ctlr, dsk, &my_io);
diff -Nru a/drivers/block/swim3.c b/drivers/block/swim3.c
--- a/drivers/block/swim3.c Sun Apr 28 12:41:49 2002
+++ b/drivers/block/swim3.c Sun Apr 28 12:41:49 2002
@@ -821,7 +821,7 @@
if (devnum >= floppy_count)
return -ENODEV;
- if ((cmd & 0x80) && !suser())
+ if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
diff -Nru a/drivers/block/swim_iop.c b/drivers/block/swim_iop.c
--- a/drivers/block/swim_iop.c Sun Apr 28 12:41:49 2002
+++ b/drivers/block/swim_iop.c Sun Apr 28 12:41:49 2002
@@ -349,7 +349,7 @@
if (devnum >= floppy_count)
return -ENODEV;
- if ((cmd & 0x80) && !suser())
+ if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
diff -Nru a/drivers/char/ip2main.c b/drivers/char/ip2main.c
--- a/drivers/char/ip2main.c Sun Apr 28 12:41:49 2002
+++ b/drivers/char/ip2main.c Sun Apr 28 12:41:49 2002
@@ -2660,7 +2660,7 @@
old_flags = pCh->flags;
old_baud_divisor = pCh->BaudDivisor;
- if ( !suser() ) {
+ if ( !capable(CAP_SYS_ADMIN) ) {
if ( ( ns.close_delay != pCh->ClosingDelay ) ||
( (ns.flags & ~ASYNC_USR_MASK) !=
(pCh->flags & ~ASYNC_USR_MASK) ) ) {
diff -Nru a/drivers/char/moxa.c b/drivers/char/moxa.c
--- a/drivers/char/moxa.c Sun Apr 28 12:41:49 2002
+++ b/drivers/char/moxa.c Sun Apr 28 12:41:49 2002
@@ -2799,7 +2799,7 @@
(new_serial.baud_base != 921600))
return (-EPERM);
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if (((new_serial.flags & ~ASYNC_USR_MASK) !=
(info->asyncflags & ~ASYNC_USR_MASK)))
return (-EPERM);
diff -Nru a/drivers/char/mxser.c b/drivers/char/mxser.c
--- a/drivers/char/mxser.c Sun Apr 28 12:41:49 2002
+++ b/drivers/char/mxser.c Sun Apr 28 12:41:49 2002
@@ -2199,7 +2199,7 @@
flags = info->flags & ASYNC_SPD_MASK;
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.baud_base != info->baud_base) ||
(new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ~ASYNC_USR_MASK) !=
diff -Nru a/drivers/char/rio/rio_linux.c b/drivers/char/rio/rio_linux.c
--- a/drivers/char/rio/rio_linux.c Sun Apr 28 12:41:49 2002
+++ b/drivers/char/rio/rio_linux.c Sun Apr 28 12:41:49 2002
@@ -702,7 +702,7 @@
func_enter();
/* The "dev" argument isn't used. */
- rc = -riocontrol (p, 0, cmd, (void *)arg, suser ());
+ rc = -riocontrol (p, 0, cmd, (void *)arg, capable(CAP_SYS_ADMIN));
func_exit ();
return rc;
diff -Nru a/drivers/char/rocket.c b/drivers/char/rocket.c
--- a/drivers/char/rocket.c Sun Apr 28 12:41:49 2002
+++ b/drivers/char/rocket.c Sun Apr 28 12:41:49 2002
@@ -1238,11 +1238,7 @@
if (copy_from_user(&new_serial, new_info, sizeof(new_serial)))
return -EFAULT;
-#ifdef CAP_SYS_ADMIN
if (!capable(CAP_SYS_ADMIN))
-#else
- if (!suser())
-#endif
{
if ((new_serial.flags & ~ROCKET_USR_MASK) !=
(info->flags & ~ROCKET_USR_MASK))
diff -Nru a/drivers/char/serial167.c b/drivers/char/serial167.c
--- a/drivers/char/serial167.c Sun Apr 28 12:41:49 2002
+++ b/drivers/char/serial167.c Sun Apr 28 12:41:49 2002
@@ -1472,7 +1472,7 @@
return -EFAULT;
old_info = *info;
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ASYNC_FLAGS & ~ASYNC_USR_MASK) !=
(info->flags & ASYNC_FLAGS & ~ASYNC_USR_MASK)))
diff -Nru a/drivers/char/tty_io.c b/drivers/char/tty_io.c
--- a/drivers/char/tty_io.c Sun Apr 28 12:41:49 2002
+++ b/drivers/char/tty_io.c Sun Apr 28 12:41:49 2002
@@ -1370,7 +1370,7 @@
retval = -ENODEV;
filp->f_flags = saved_flags;
- if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
+ if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
retval = -EBUSY;
if (retval) {
@@ -1472,7 +1472,7 @@
{
char ch, mbz = 0;
- if ((current->tty != tty) && !suser())
+ if ((current->tty != tty) && !capable(CAP_SYS_ADMIN))
return -EPERM;
if (get_user(ch, arg))
return -EFAULT;
@@ -1510,7 +1510,7 @@
{
if (IS_SYSCONS_DEV(inode->i_rdev) ||
IS_CONSOLE_DEV(inode->i_rdev)) {
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
redirect = NULL;
return 0;
@@ -1552,7 +1552,7 @@
* This tty is already the controlling
* tty for another session group!
*/
- if ((arg == 1) && suser()) {
+ if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
/*
* Steal it away
*/
diff -Nru a/drivers/char/vt.c b/drivers/char/vt.c
--- a/drivers/char/vt.c Sun Apr 28 12:41:49 2002
+++ b/drivers/char/vt.c Sun Apr 28 12:41:49 2002
@@ -440,10 +440,10 @@
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
perm = 1;
kbd = kbd_table + console;
@@ -508,7 +508,7 @@
{
struct kbd_repeat kbrep;
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
if (copy_from_user(&kbrep, (void *)arg,
@@ -621,7 +621,7 @@
case KDGETKEYCODE:
case KDSETKEYCODE:
- if(!capable(CAP_SYS_ADMIN))
+ if(!capable(CAP_SYS_TTY_CONFIG))
perm=0;
return do_kbkeycode_ioctl(cmd, (struct kbkeycode *)arg, perm);
@@ -1038,12 +1038,12 @@
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 0;
return 0;
diff -Nru a/drivers/media/video/zr36120.c b/drivers/media/video/zr36120.c
--- a/drivers/media/video/zr36120.c Sun Apr 28 12:41:49 2002
+++ b/drivers/media/video/zr36120.c Sun Apr 28 12:41:49 2002
@@ -1291,11 +1291,7 @@
case VIDIOCSFBUF:
{
struct video_buffer v;
-#if LINUX_VERSION_CODE >= 0x020100
- if(!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_ADMIN))
-#else
- if(!suser())
-#endif
+ if(!capable(CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user(&v, arg,sizeof(v)))
return -EFAULT;
diff -Nru a/drivers/pcmcia/ds.c b/drivers/pcmcia/ds.c
--- a/drivers/pcmcia/ds.c Sun Apr 28 12:41:49 2002
+++ b/drivers/pcmcia/ds.c Sun Apr 28 12:41:49 2002
@@ -830,7 +830,7 @@
err = unbind_request(i, &buf.bind_info);
break;
case DS_BIND_MTD:
- if (!suser()) return -EPERM;
+ if (!capable(CAP_SYS_ADMIN)) return -EPERM;
err = bind_mtd(i, &buf.mtd_info);
break;
default:
diff -Nru a/drivers/s390/char/tubtty.c b/drivers/s390/char/tubtty.c
--- a/drivers/s390/char/tubtty.c Sun Apr 28 12:41:49 2002
+++ b/drivers/s390/char/tubtty.c Sun Apr 28 12:41:49 2002
@@ -561,7 +561,7 @@
/*
* Superuser-mode settings affect the driver overall ---
*/
- if (!suser()) {
+ if (!capable(CAP_SYS_TTY_CONFIG)) {
return -EPERM;
} else if (strncmp(mybuf, "index=", 6) == 0) {
tty3270_proc_index = simple_strtoul(mybuf + 6, 0,0);
diff -Nru a/drivers/scsi/cpqfcTSinit.c b/drivers/scsi/cpqfcTSinit.c
--- a/drivers/scsi/cpqfcTSinit.c Sun Apr 28 12:41:49 2002
+++ b/drivers/scsi/cpqfcTSinit.c Sun Apr 28 12:41:49 2002
@@ -532,7 +532,7 @@
// must be super user to send stuff directly to the
// controller and/or physical drives...
- if( !suser() )
+ if( !capable(CAP_RAW_IO) )
return -EPERM;
// copy the caller's struct to our space.
diff -Nru a/fs/ufs/balloc.c b/fs/ufs/balloc.c
--- a/fs/ufs/balloc.c Sun Apr 28 12:41:49 2002
+++ b/fs/ufs/balloc.c Sun Apr 28 12:41:49 2002
@@ -288,7 +288,7 @@
/*
* There is not enough space for user on the device
*/
- if (!fsuser() && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
+ if (!capable(CAP_SYS_RESOURCE) && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
unlock_super (sb);
UFSD(("EXIT (FAILED)\n"))
return 0;