Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932561AbWCGA5Z (ORCPT ); Mon, 6 Mar 2006 19:57:25 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S932563AbWCGA5Z (ORCPT ); Mon, 6 Mar 2006 19:57:25 -0500 Received: from 216-99-217-87.dsl.aracnet.com ([216.99.217.87]:50562 "EHLO sorel.sous-sol.org") by vger.kernel.org with ESMTP id S932561AbWCGA5Y (ORCPT ); Mon, 6 Mar 2006 19:57:24 -0500 Date: Mon, 6 Mar 2006 17:01:39 -0800 From: Chris Wright To: Dave Hansen Cc: linux-kernel@vger.kernel.org, serue@us.ibm.com, frankeh@watson.ibm.com, clg@fr.ibm.com, Herbert Poetzl , Sam Vilain Subject: Re: [RFC][PATCH 1/6] prepare sysctls for containers Message-ID: <20060307010139.GF27645@sorel.sous-sol.org> References: <20060306235248.20842700@localhost.localdomain> <20060306235249.880CB28A@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060306235249.880CB28A@localhost.localdomain> User-Agent: Mutt/1.4.2.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1456 Lines: 38 * Dave Hansen (haveblue@us.ibm.com) wrote: > /* If there is no strategy routine, or if the strategy returns > * zero, proceed with automatic r/w */ > - if (table->data && table->maxlen) { > + data = sysctl_table_data(table); > + if (data && table->maxlen) { > if (oldval && oldlenp) { > if (get_user(len, oldlenp)) > return -EFAULT; > if (len) { > if (len > table->maxlen) > len = table->maxlen; > - if(copy_to_user(oldval, table->data, len)) > + if(copy_to_user(oldval, data, len)) > return -EFAULT; > if(put_user(len, oldlenp)) > return -EFAULT; > @@ -1241,7 +1261,7 @@ int do_sysctl_strategy (ctl_table *table > len = newlen; > if (len > table->maxlen) > len = table->maxlen; > - if(copy_from_user(table->data, newval, len)) > + if(copy_from_user(data, newval, len)) > return -EFAULT; Interesting idea. One piece that's missing is strategy for controlling creation the new context (assuming the data_access() will always evaluate into a context sensitive piece of data). Otherwise a user can get out of the limits imposed by sysadmin (since they may have placed themselves in a context which differs from admin). thanks, -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/