Hi,

Sometimes it would be really helpful if one could raise the L privilege set of a process, especially when dealing with zones. Currently it is not permitted. I understand the reason why; however, if it was permitted to do so only from a global zone and by a process with ALL privileges in its E set, then it should be allowed. What do you think?

The code responsible for enforcing the limit is at:
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/os/priv.c#priv_pr_spriv

    [...]
    189 	cp = &newcred->cr_priv;
    190 	ocp = &oldcred->cr_priv;
    191 	eset = CR_OEPRIV(cr);
    192
    193 	priv_intersect(&CR_LPRIV(oldcred), &eset);
    194
    195 	/*
    196 	 * Verify the constraints laid out:
    197 	 * for the limit set, we require that the new set is a subset
    198 	 * of the old limit set.
    199 	 * for all other sets, we require that the new set is either a
    200 	 * subset of the old set or a subset of the intersection of
    201 	 * the old limit set and the effective set of the acting process.
    202 	 */
    203 	for (i = 0; i < PRIV_NSET; i++)
    204 		if (!priv_issubset(&cp->crprivs[i], &ocp->crprivs[i]) &&
    205 		    (i == PRIV_LIMIT || !priv_issubset(&cp->crprivs[i], &eset)))
    206 			break;
    207
    [...]

btw: I believe the comment in line 201, which relates to the code in line 205, is wrong and it should be:

    200 	 * subset of the old set or a subset of the intersection of
    201 	 * the new limit set and the effective set of the acting process.

In order to allow increasing the L set, the code could be modified as follows:

    203 	for (i = 0; i < PRIV_NSET; i++)
    204 		if (!priv_issubset(&cp->crprivs[i], &ocp->crprivs[i]) &&
    205 		    (!priv_issubset(&cp->crprivs[i], &eset)))
    206 			break;
    207

The above code change would allow growing the L set if the new L' set is a subset of the effective set of the calling process. What would be the impact? Would it break anything?

Eventually there could be a stronger requirement like (pseudo-code):

    if (i == PRIV_LIMIT && !priv_isfullset(&eset))
        don't allow

so increasing the L set would only be possible if the effective set of the calling process is the full set. Would that be ok?

btw: seems like priv_const.h is not available via OpenGrok, see
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/sys/priv_const.h

--
Robert Milkowski
http://milek.blogspot.com
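
A user-space model of the check discussed in the message above, added here as an example; it is not code from the post or from OpenSolaris. It assumes privilege sets can be reduced to 8-bit masks and that priv_intersect(a, b) stores the intersection in b, as the comment on lines 200-201 describes; the names spriv_allowed, grow_limit and clip_eset are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only: a privilege set is an 8-bit mask, not the kernel's priv_set_t. */
typedef uint8_t pset;
enum { PRIV_EFFECTIVE, PRIV_INHERITABLE, PRIV_PERMITTED, PRIV_LIMIT, PRIV_NSET };
enum policy { ORIGINAL, PROPOSED, PROPOSED_FULL_E };
#define FULLSET ((pset)0xff)

static int issubset(pset a, pset b) { return (a & ~b) == 0; }

/*
 * Returns 1 if an actor with effective set actor_e may replace the target's
 * sets oldp[] with newp[], else 0. clip_eset=1 mirrors line 193 (eset is
 * intersected with the old limit set); clip_eset=0 is a hypothetical variant
 * that skips that step, not something proposed in the post.
 */
static int spriv_allowed(const pset *oldp, const pset *newp, pset actor_e,
    enum policy pol, int clip_eset)
{
    pset eset = clip_eset ? (pset)(actor_e & oldp[PRIV_LIMIT]) : actor_e;
    for (int i = 0; i < PRIV_NSET; i++) {
        if (issubset(newp[i], oldp[i]))
            continue;                    /* not growing: always accepted */
        if (i == PRIV_LIMIT && pol == ORIGINAL)
            return 0;                    /* line 205: L may never grow */
        if (i == PRIV_LIMIT && pol == PROPOSED_FULL_E && eset != FULLSET)
            return 0;                    /* stricter variant from the post */
        if (!issubset(newp[i], eset))
            return 0;
    }
    return 1;
}

/* Constructed request: grow the target's L from 0x0f to 0x3f, rest unchanged. */
static int grow_limit(pset actor_e, enum policy pol, int clip_eset)
{
    const pset oldp[PRIV_NSET] = { 0x0f, 0x0f, 0x0f, 0x0f };
    const pset newp[PRIV_NSET] = { 0x0f, 0x0f, 0x0f, 0x3f };
    return spriv_allowed(oldp, newp, actor_e, pol, clip_eset);
}

int main(void)
{
    printf("original:          %d\n", grow_limit(FULLSET, ORIGINAL, 1));
    printf("proposed, clipped: %d\n", grow_limit(FULLSET, PROPOSED, 1));
    printf("proposed, no clip: %d\n", grow_limit(FULLSET, PROPOSED, 0));
    return 0;
}
```

In this model, with line 193 left in place, eset never exceeds the old limit set, so the modified line 205 still refuses a larger L; the request passes only when the clipping is skipped as well.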