plain text document attachment (rbce_cmd_path_term.patch)
Patch: rbce_cmd_path_term.patch
Description:
Add command path term support. kmalloc and copy the path at exec time,
attaching the kmalloc'd string to the CE data of the task.
Signed-Off-By: Matt Helsley <[EMAIL PROTECTED]>
%patch
Index: linux-2.6.12-rc3/include/linux/ckrm_events.h
===================================================================
--- linux-2.6.12-rc3.orig/include/linux/ckrm_events.h 2005-05-23
17:12:49.605844224 -0700
+++ linux-2.6.12-rc3/include/linux/ckrm_events.h 2005-05-23
18:35:35.989839096 -0700
@@ -108,10 +108,11 @@ int ckrm_unregister_event_cb(enum ckrm_e
extern void ckrm_invoke_event_cb_chain(enum ckrm_event ev, void *arg);
/* forward declarations for function arguments */
#include <linux/sched.h> /* for task_struct */
+#include <linux/binfmts.h> /* for struct linux_binprm */
struct sock;
struct user_struct;
static inline void ckrm_cb_fork(struct task_struct *p)
@@ -131,14 +132,14 @@ static inline void ckrm_cb_exit(struct t
{
ckrm_invoke_event_cb_chain(CKRM_EVENT_EXIT, p);
p->ce_data = NULL;
}
-static inline void ckrm_cb_exec(char *c)
+static inline void ckrm_cb_exec(struct linux_binprm *bprm)
{
- ckrm_invoke_event_cb_chain(CKRM_EVENT_EXEC, c);
- }
+ ckrm_invoke_event_cb_chain(CKRM_EVENT_EXEC, bprm);
+}
static inline void ckrm_cb_uid(void)
{
ckrm_invoke_event_cb_chain(CKRM_EVENT_UID, NULL);
}
Index: linux-2.6.12-rc3/kernel/ckrm/ckrm_tc.c
===================================================================
--- linux-2.6.12-rc3.orig/kernel/ckrm/ckrm_tc.c 2005-05-23 18:33:00.628457616
-0700
+++ linux-2.6.12-rc3/kernel/ckrm/ckrm_tc.c 2005-05-23 18:36:44.493424968
-0700
@@ -231,28 +231,28 @@ static void tc_add_resctrl(struct ckrm_c
/**************************************************************************
* Functions called from classification points *
**************************************************************************/
-#define CE_CLASSIFY_TASK(event, tsk) \
+#define CE_CLASSIFY_TASK(event, tsk, ...) \
do { \
struct ckrm_task_class *newcls = NULL; \
struct ckrm_task_class *oldcls = tsk->taskclass; \
\
- CE_CLASSIFY_RET(newcls,&ct_taskclass,event,tsk); \
+ CE_CLASSIFY_RET(newcls,&ct_taskclass,event,tsk, ## __VA_ARGS__); \
if (newcls) { \
/* called synchrously. no need to get task struct */ \
ckrm_set_taskclass(tsk, newcls, oldcls, event); \
} \
} while (0)
-#define CE_CLASSIFY_TASK_PROTECT(event, tsk) \
-do { \
- ce_protect(&ct_taskclass); \
- CE_CLASSIFY_TASK(event,tsk); \
- ce_release(&ct_taskclass); \
+#define CE_CLASSIFY_TASK_PROTECT(event, tsk, ...) \
+do { \
+ ce_protect(&ct_taskclass); \
+ CE_CLASSIFY_TASK(event,tsk, ## __VA_ARGS__); \
+ ce_release(&ct_taskclass); \
} while (0)
static void cb_taskclass_newtask(void *tsk1)
{
struct task_struct *tsk = (struct task_struct *)tsk1;
@@ -290,15 +290,16 @@ static void cb_taskclass_exit(void *tsk1
CE_CLASSIFY_NORET(&ct_taskclass, CKRM_EVENT_EXIT, tsk);
ckrm_set_taskclass(tsk, (void *)-1, NULL, CKRM_EVENT_EXIT);
}
-static void cb_taskclass_exec(void *filename)
+static void cb_taskclass_exec(void *bprm)
{
pr_debug("%p:%d:%s <%s>\n", current, current->pid, current->comm,
- (const char *)filename);
- CE_CLASSIFY_TASK_PROTECT(CKRM_EVENT_EXEC, current);
+ bprm->filename);
+ CE_CLASSIFY_TASK_PROTECT(CKRM_EVENT_EXEC, current,
+ (struct linux_binprm*)bprm);
}
static void cb_taskclass_uid(void *arg)
{
pr_debug("%p:%d:%s\n", current, current->pid, current->comm);
Index: linux-2.6.12-rc3/kernel/ckrm/rbce/rbce_main.c
===================================================================
--- linux-2.6.12-rc3.orig/kernel/ckrm/rbce/rbce_main.c 2005-05-23
18:35:19.314374152 -0700
+++ linux-2.6.12-rc3/kernel/ckrm/rbce/rbce_main.c 2005-05-23
18:35:35.993838488 -0700
@@ -31,11 +31,11 @@ MODULE_LICENSE("GPL");
static char modname[] = RBCE_MOD_NAME;
/* ==================== global variables etc., ==================== */
int termop_2_vecidx[RBCE_RULE_INVALID] = {
- [RBCE_RULE_CMD_PATH] = RBCE_TERM_CMD,
+ [RBCE_RULE_CMD_PATH] = RBCE_TERM_CMD_PATH,
[RBCE_RULE_CMD] = RBCE_TERM_CMD,
[RBCE_RULE_ARGS] = RBCE_TERM_CMD,
[RBCE_RULE_REAL_UID] = RBCE_TERM_UID,
[RBCE_RULE_REAL_GID] = RBCE_TERM_GID,
[RBCE_RULE_EFFECTIVE_UID] = RBCE_TERM_UID,
Index: linux-2.6.12-rc3/kernel/ckrm/rbce/rbce_internal.h
===================================================================
--- linux-2.6.12-rc3.orig/kernel/ckrm/rbce/rbce_internal.h 2005-05-23
18:35:08.971946440 -0700
+++ linux-2.6.12-rc3/kernel/ckrm/rbce/rbce_internal.h 2005-05-23
18:35:35.994838336 -0700
@@ -125,23 +125,26 @@ struct rbce_rule {
#define RBCE_TERM_UID (1)
#define RBCE_TERM_GID (2)
#define RBCE_TERM_TAG (3)
#define RBCE_TERM_IPV4 (4)
#define RBCE_TERM_IPV6 (5)
+#define RBCE_TERM_CMD_PATH (6)
-#define NUM_TERM_MASK_VECTOR (6)
+#define NUM_TERM_MASK_VECTOR (7)
/* Rule flags. 1 bit for each type of rule term */
#define RBCE_TERMFLAG_CMD (1 << RBCE_TERM_CMD)
+#define RBCE_TERMFLAG_CMD_PATH (1 << RBCE_TERM_CMD_PATH)
#define RBCE_TERMFLAG_UID (1 << RBCE_TERM_UID)
#define RBCE_TERMFLAG_GID (1 << RBCE_TERM_GID)
#define RBCE_TERMFLAG_TAG (1 << RBCE_TERM_TAG)
#define RBCE_TERMFLAG_IPV4 (1 << RBCE_TERM_IPV4)
#define RBCE_TERMFLAG_IPV6 (1 << RBCE_TERM_IPV6)
#define RBCE_TERMFLAG_ALL (RBCE_TERMFLAG_CMD | RBCE_TERMFLAG_UID |
\
RBCE_TERMFLAG_GID | RBCE_TERMFLAG_TAG | \
- RBCE_TERMFLAG_IPV4 | RBCE_TERMFLAG_IPV6)
+ RBCE_TERMFLAG_IPV4 | RBCE_TERMFLAG_IPV6 | \
+ RBCE_TERMFLAG_CMD_PATH)
/* Token operation related data structures, functions etc., */
typedef int __bitwise rule_token_t;
enum rule_token {
TOKEN_PATH = (__force rule_token_t) 1,
@@ -201,10 +204,13 @@ enum op_token {
* Each rule and each term of a rule has a corresponding bit in the vector.
*
*/
struct rbce_private_data {
struct rbce_ext_private_data ext_data;
+ struct {
+ char *filename;
+ } task_xattrib;
int evaluate; /* whether to evaluate rules or not ? */
int rules_version; /* rules_version at last evaluation */
bitvector_t *eval;
bitvector_t *true;
char *app_tag;
Index: linux-2.6.12-rc3/kernel/ckrm/rbce/rbce_core.c
===================================================================
--- linux-2.6.12-rc3.orig/kernel/ckrm/rbce/rbce_core.c 2005-05-23
18:35:20.097255136 -0700
+++ linux-2.6.12-rc3/kernel/ckrm/rbce/rbce_core.c 2005-05-23
18:35:35.996838032 -0700
@@ -316,16 +316,26 @@ __evaluate_rule(struct task_struct *tsk,
if (!bitvector_test(tidx, vec_eval)) {
struct rbce_rule_term *term = &gl_terms[tidx];
switch (term->op) {
- case RBCE_RULE_CMD_PATH:
- case RBCE_RULE_CMD:
- rc = match_cmd(tsk->comm, term->u.string,
- (term->op ==
- RBCE_RULE_CMD_PATH));
+ case RBCE_RULE_CMD_PATH: /* full command path */
+ {
+ char *path = NULL;
+ path =
RBCE_DATA(tsk)->task_xattrib.filename;
+ if (!path)
+ path = tsk->comm;
+ rc = match_cmd(path, term->u.string, 1);
+ if (filename)
+ *filename = path;
+ }
break;
+ case RBCE_RULE_CMD: /* command basename */
+ rc = match_cmd(tsk->comm, term->u.string, 0);
+ if (filename)
+ *filename = tsk->comm;
+ break;
case RBCE_RULE_REAL_UID:
if (term->operator == RBCE_LESS_THAN) {
rc = (tsk->uid < term->u.id);
} else if (term->operator == RBCE_GREATER_THAN){
rc = (tsk->uid > term->u.id);
@@ -469,11 +479,11 @@ struct rbce_private_data *create_private
} else {
psize = sizeof(struct rbce_private_data);
}
pdata = kmalloc(psize, GFP_ATOMIC);
- if (pdata != NULL) {
+ if (pdata != NULL){
if (use_persistent_state) {
pdata->bitmap_version = gl_bitmap_version;
pdata->eval = (bitvector_t *) & pdata->data[0];
pdata->true = (bitvector_t *) & pdata->data[bsize];
if (src && (src->bitmap_version == gl_bitmap_version)) {
@@ -485,10 +495,11 @@ struct rbce_private_data *create_private
}
copy_ext_private_data(src, pdata);
pdata->evaluate = 1;
pdata->rules_version = src ? src->rules_version : 0;
pdata->app_tag = NULL;
+ pdata->task_xattrib.filename = NULL;
}
store_pdata(pdata);
return pdata;
}
@@ -570,10 +581,13 @@ static struct ckrm_core_class *rbce_clas
if (pdata) {
new_pdata->rules_version =
pdata->rules_version;
new_pdata->evaluate = pdata->evaluate;
new_pdata->app_tag = pdata->app_tag;
+ memcpy(&new_pdata->task_xattrib,
+ &pdata->task_xattrib,
+ sizeof(pdata->task_xattrib));
free_private_data(pdata);
}
pdata = RBCE_DATAP(tsk) = new_pdata;
termflag = RBCE_TERMFLAG_ALL;
/* need to evaluate them all */
@@ -644,13 +658,10 @@ static struct ckrm_core_class *rbce_clas
bitvector_free(vec_true);
}
}
ckrm_core_grab(cls);
read_unlock(&rbce_rwlock);
- if (filename) {
- kfree(filename);
- }
if (RBCE_DATA(tsk)) {
RBCE_DATA(tsk)->rules_version = gl_rules_version;
}
return cls;
}
@@ -732,10 +743,12 @@ static void rbce_tc_exitcb(struct task_s
RBCE_DATAP(tsk) = NULL;
if (pdata) {
if (pdata->app_tag) {
kfree(pdata->app_tag);
}
+ if (pdata->task_xattrib.filename)
+ kfree(pdata->task_xattrib.filename);
free_private_data(pdata);
}
return;
}
@@ -743,14 +756,14 @@ static void *rbce_tc_classify(enum ckrm_
{
va_list args;
void *cls = NULL;
struct task_struct *tsk;
struct rbce_private_data *pdata;
+ struct linux_binprm *bprm = NULL;
va_start(args, event);
tsk = va_arg(args, struct task_struct *);
- va_end(args);
/* we only have to deal with events between
* [ CKRM_LATCHABLE_EVENTS .. CKRM_NONLATCHABLE_EVENTS )
*/
switch (event) {
@@ -762,11 +775,21 @@ static void *rbce_tc_classify(enum ckrm_
case CKRM_EVENT_EXIT:
rbce_tc_exitcb(tsk);
break;
case CKRM_EVENT_EXEC:
+ bprm = va_arg(args, struct linux_binprm *);
+ if (bprm != NULL && (pdata = RBCE_DATA(tsk)) != NULL) {
+ size_t len = strlen(bprm->filename);
+ pdata->task_xattrib.filename = kmalloc(len + 1,
+ GFP_ATOMIC);
+ if (pdata->task_xattrib.filename != NULL)
+ strcpy(pdata->task_xattrib.filename,
+ bprm->filename);
+ }
cls = rbce_classify(tsk, NULL, RBCE_TERMFLAG_CMD |
+ RBCE_TERMFLAG_CMD_PATH |
RBCE_TERMFLAG_UID | RBCE_TERMFLAG_GID,
tc_classtype);
break;
case CKRM_EVENT_UID:
@@ -796,10 +819,11 @@ static void *rbce_tc_classify(enum ckrm_
}
cls = rbce_classify(tsk, NULL, RBCE_TERMFLAG_ALL, tc_classtype);
break;
}
+ va_end(args);
return cls;
}
#ifndef CRBCE_EXTENSION
Index: linux-2.6.12-rc3/fs/exec.c
===================================================================
--- linux-2.6.12-rc3.orig/fs/exec.c 2005-05-23 17:12:49.606844072 -0700
+++ linux-2.6.12-rc3/fs/exec.c 2005-05-23 18:35:35.998837728 -0700
@@ -1086,11 +1086,11 @@ int search_binary_handler(struct linux_b
allow_write_access(bprm->file);
if (bprm->file)
fput(bprm->file);
bprm->file = NULL;
current->did_exec = 1;
- ckrm_cb_exec(bprm->filename);
+ ckrm_cb_exec(bprm);
return retval;
}
read_lock(&binfmt_lock);
put_binfmt(fmt);
if (retval != -ENOEXEC || bprm->mm == NULL)
--
-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
_______________________________________________
ckrm-tech mailing list
https://lists.sourceforge.net/lists/listinfo/ckrm-tech
