sysctl: expose proc_dointvec_minmax_sysadmin as API function
Orthogonal to the other sysctl proc functions, expose the variant that
checks CAP_SYS_ADMIN on write for consumption in external subsystems'
sysctl tables.

Signed-off-by: Levente Polyak <[email protected]>
anthraxx committed Dec 14, 2020
1 parent d8ad413 commit a92b383
Showing 2 changed files with 30 additions and 3 deletions.
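--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -53,6 +53,8 @@ int proc_douintvec(struct ctl_table *, int, void *, size_t *, loff_t *);
 int proc_dointvec_minmax(struct ctl_table *, int, void *, size_t *, loff_t *);
 int proc_douintvec_minmax(struct ctl_table *table, int write, void *buffer,
 size_t *lenp, loff_t *ppos);
+int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+void *buffer, size_t *lenp, loff_t *ppos);
 int proc_dointvec_jiffies(struct ctl_table *, int, void *, size_t *, loff_t *);
 int proc_dointvec_userhz_jiffies(struct ctl_table *, int, void *, size_t *,
 loff_t *);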
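--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -896,16 +896,34 @@ static int proc_taint(struct ctl_table *table, int write,
 return err;
 }
 
-#ifdef CONFIG_PRINTK
-static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+/**
+* proc_dointvec_minmax_sysadmin - read a vector of integers with min/max values
+* checking CAP_SYS_ADMIN on write
+* @table: the sysctl table
+* @write: %TRUE if this is a write to the sysctl file
+* @buffer: the user buffer
+* @lenp: the size of the user buffer
+* @ppos: file position
+*
+* Reads/writes up to table->maxlen/sizeof(unsigned int) integer
+* values from/to the user buffer, treated as an ASCII string.
+*
+* This routine will ensure the values are within the range specified by
+* table->extra1 (min) and table->extra2 (max).
+*
+* Writing is only allowed when root has CAP_SYS_ADMIN.
+*
+* Returns 0 on success, -EPERM on permission failure or -EINVAL on write
+* when the range check fails.
+*/
+int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
 void *buffer, size_t *lenp, loff_t *ppos)
 {
 if (write && !capable(CAP_SYS_ADMIN))
 return -EPERM;
 
 return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
 }
-#endif
 
 /**
 * struct do_proc_dointvec_minmax_conv_param - proc_dointvec_minmax() range checking structure
@@ -1591,6 +1609,12 @@ int proc_douintvec_minmax(struct ctl_table *table, int write,
 return -ENOSYS;
 }
 
+int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+void *buffer, size_t *lenp, loff_t *ppos)
+{
+return -ENOSYS;
+}
+
 int proc_dointvec_jiffies(struct ctl_table *table, int write,
 void *buffer, size_t *lenp, loff_t *ppos)
 {
@@ -3464,6 +3488,7 @@ EXPORT_SYMBOL(proc_douintvec);
 EXPORT_SYMBOL(proc_dointvec_jiffies);
 EXPORT_SYMBOL(proc_dointvec_minmax);
 EXPORT_SYMBOL_GPL(proc_douintvec_minmax);
+EXPORT_SYMBOL(proc_dointvec_minmax_sysadmin);
 EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
 EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
 EXPORT_SYMBOL(proc_dostring);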
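Review bot: In the first kernel/sysctl.c hunk the new kernel-doc line `Writing is only allowed when root has CAP_SYS_ADMIN.` does not describe the check the code makes: `capable(CAP_SYS_ADMIN)` tests the capability of the task performing the write and never looks at the uid. Since the function is now exported for other subsystems' tables, the contract is better stated exactly, e.g. `* Writes require the calling task to hold CAP_SYS_ADMIN (capable() is checked at write time); otherwise -EPERM is returned.` If capable() here is the usual initial-user-namespace check, it would also help to say that a capability held only inside a non-initial user namespace is not sufficient. The same comment says `sizeof(unsigned int)` for an int handler; `sizeof(int)` matches the values being parsed.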
