diff -ruNp linux-2.6.18/arch/i386/kernel/ioport.c linux-2.6.18-cher1/arch/i386/kernel/ioport.c --- linux-2.6.18/arch/i386/kernel/ioport.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/i386/kernel/ioport.c 2007-08-04 11:30:52.000000000 +0400 @@ -62,6 +62,9 @@ asmlinkage long sys_ioperm(unsigned long struct tss_struct * tss; unsigned long *bitmap; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) return -EINVAL; if (turn_on && !capable(CAP_SYS_RAWIO)) @@ -139,6 +142,9 @@ asmlinkage long sys_iopl(unsigned long u unsigned int old = (regs->eflags >> 12) & 3; struct thread_struct *t = ¤t->thread; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (level > 3) return -EINVAL; /* Trying to gain more privileges? */ @@ -151,3 +157,9 @@ asmlinkage long sys_iopl(unsigned long u set_iopl_mask(t->iopl); return 0; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/arch/i386/kernel/ldt.c linux-2.6.18-cher1/arch/i386/kernel/ldt.c --- linux-2.6.18/arch/i386/kernel/ldt.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/i386/kernel/ldt.c 2007-08-04 11:30:52.000000000 +0400 @@ -235,6 +235,9 @@ asmlinkage int sys_modify_ldt(int func, { int ret = -ENOSYS; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (func) { case 0: ret = read_ldt(ptr, bytecount); diff -ruNp linux-2.6.18/arch/i386/kernel/process.c linux-2.6.18-cher1/arch/i386/kernel/process.c --- linux-2.6.18/arch/i386/kernel/process.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/i386/kernel/process.c 2007-08-04 11:30:52.000000000 +0400 @@ -742,6 +742,9 @@ asmlinkage int sys_execve(struct pt_regs int error; char * filename; + if ((current->sbox_flags & SBOX_NO_EXEC)) + return -EPERM; + filename = getname((char __user *) regs.ebx); error = PTR_ERR(filename); if (IS_ERR(filename)) 
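Review bot: The denial `if ((current->sbox_flags & SBOX_NO_SYSCALLS)) return -EPERM;` is pasted verbatim into sys_ioperm here and into every other patched entry point (sys_iopl, sys_modify_ldt, sys_sigsuspend, sys_pipe, sys_ipc, sys_vm86old, sys_vm86, the sys32_* compat entries and the x86_64 copies), so the policy is only as complete as the set of functions someone remembered to edit, and an entry point that was missed or is added later stays open without any diagnostic. One helper in the header that defines the flags, e.g. `static inline int sbox_syscall_denied(void) { return current->sbox_flags & SBOX_NO_SYSCALLS; }`, or better a single check on the syscall entry path (the tracing slow path already sees every syscall number), would make the policy auditable in one place. The doubled parentheses around the test look like a leftover from an assignment-in-condition form and can be dropped. sys_ioperm's body continues outside the hunk.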
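Review bot: The appended Emacs `Local variables:` trailer is editor configuration, which kernel coding style keeps out of source files (the tree's indentation rule is already 8 and enforced by scripts/Lindent), and the same trailer is appended to process.c (@@ -909), signal.c (@@ -657), sys_i386.c (@@ -243) and ia32_aout.c (@@ -524). Dropping these five additions leaves the functional change untouched and keeps the patch reviewable as a pure sandbox change.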
@@ -753,6 +756,8 @@ asmlinkage int sys_execve(struct pt_regs if (error == 0) { task_lock(current); current->ptrace &= ~PT_DTRACE; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + current->sbox_flags |= SBOX_NO_EXEC; task_unlock(current); /* Make sure we don't return using sysenter.. */ set_thread_flag(TIF_IRET); @@ -909,3 +914,9 @@ unsigned long arch_align_stack(unsigned sp -= get_random_int() % 8192; return sp & ~0xf; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/arch/i386/kernel/signal.c linux-2.6.18-cher1/arch/i386/kernel/signal.c --- linux-2.6.18/arch/i386/kernel/signal.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/i386/kernel/signal.c 2007-08-04 11:30:52.000000000 +0400 @@ -37,6 +37,9 @@ asmlinkage int sys_sigsuspend(int history0, int history1, old_sigset_t mask) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + mask &= _BLOCKABLE; spin_lock_irq(¤t->sighand->siglock); current->saved_sigmask = current->blocked; @@ -657,3 +660,9 @@ void do_notify_resume(struct pt_regs *re clear_thread_flag(TIF_IRET); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/arch/i386/kernel/sys_i386.c linux-2.6.18-cher1/arch/i386/kernel/sys_i386.c --- linux-2.6.18/arch/i386/kernel/sys_i386.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/i386/kernel/sys_i386.c 2007-08-04 11:30:52.000000000 +0400 @@ -32,6 +32,9 @@ asmlinkage int sys_pipe(unsigned long __ int fd[2]; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = do_pipe(fd); if (!error) { if (copy_to_user(fildes, fd, 2*sizeof(int))) @@ -126,6 +129,9 @@ asmlinkage int sys_ipc (uint call, int f { int version, ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + version = call >> 16; /* hack for backward compatibility */ call &= 0xffff; 
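Review bot: The sandbox state lives on `current` alone, so whether copy_process in kernel/fork.c (outside this diff) copies `sbox_flags` into the child decides whether the restriction can be escaped by a task that is still allowed to fork or clone; the syscall tables mark fork/clone/vfork only as `CAP`, which nothing in this chunk defines, so please confirm the fork path and say so here. The promotion to NO_EXEC happens only after do_execve returned 0, i.e. once the new image is in place, which is the right point, but the intent is not stated; a comment such as `/* a NO_SYSCALLS task gets exactly one successful execve; exec is refused afterwards */` would help, and the same lines appear in sys32_execve (@@ -858) and x86_64 sys_execve (@@ -639). The check at the top of the function reads sbox_flags without task_lock while this write holds it, which is fine only as long as the task is the sole writer of its own flags, as it is for every write visible in this patch. sys_execve starts outside the hunk.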
@@ -243,3 +249,9 @@ asmlinkage int sys_olduname(struct oldol return error; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/arch/i386/kernel/vm86.c linux-2.6.18-cher1/arch/i386/kernel/vm86.c --- linux-2.6.18/arch/i386/kernel/vm86.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/i386/kernel/vm86.c 2007-08-04 11:30:52.000000000 +0400 @@ -180,6 +180,9 @@ asmlinkage int sys_vm86old(struct pt_reg struct task_struct *tsk; int tmp, ret = -EPERM; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + tsk = current; if (tsk->thread.saved_esp0) goto out; @@ -210,6 +213,9 @@ asmlinkage int sys_vm86(struct pt_regs r int tmp, ret; struct vm86plus_struct __user *v86; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + tsk = current; switch (regs.ebx) { case VM86_REQUEST_IRQ: diff -ruNp linux-2.6.18/arch/i386/SYSCALLS.i386 linux-2.6.18-cher1/arch/i386/SYSCALLS.i386 --- linux-2.6.18/arch/i386/SYSCALLS.i386 1970-01-01 03:00:00.000000000 +0300 +++ linux-2.6.18-cher1/arch/i386/SYSCALLS.i386 2007-08-04 11:30:52.000000000 +0400 
@@ -0,0 +1,334 @@ +sys_exit OK +sys_fork arch/i386/kernel/process.c * CAP +sys_read OK +sys_write OK +sys_open fs/open.c CAP +sys_close fs/open.c OK +sys_waitpid kernel/exit.c CAP +sys_creat fs/open.c CAP +sys_link fs/namei.c REDIR +sys_unlink fs/namei.c CAP +sys_execve arch/i386/kernel/process.c CAP +sys_chdir fs/open.c CAP +sys_time OK +sys_mknod fs/namei.c REDIR +sys_chmod fs/open.c CAP +sys_lchown16 kernel/uid16.c REDIR +sys_ni_syscall --- +sys_stat fs/stat.c CAP +sys_lseek fs/read_write.c CAP +sys_getpid kernel/timer.c OK +sys_mount fs/namespace.c CAP +sys_oldumount fs/namespace.c REDIR +sys_setuid16 kernel/uid16.c REDIR +sys_getuid16 kernel/uid16.c OK +sys_stime kernel/time.c CAP +sys_ptrace kernel/ptrace.c CAP +sys_alarm kernel/timer.c OK +sys_fstat fs/stat.c CAP +sys_pause kernel/signal.c CAP +sys_utime fs/utimes.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_access fs/open.c CAP +sys_nice kernel/sched.c CAP +sys_ni_syscall --- +sys_sync fs/sync.c CAP +sys_kill kernel/signal.c CAP +sys_rename fs/namei.c REDIR +sys_mkdir fs/namei.c REDIR +sys_rmdir fs/namei.c CAP +sys_dup fs/fcntl.c CAP +sys_pipe arch/i386/kernel/sys_i386.c CAP +sys_times OK +sys_ni_syscall --- +sys_brk OK +sys_setgid16 kernel/uid16.c REDIR +sys_getgid16 kernel/uid16.c OK +sys_signal kernel/signal.c OK +sys_geteuid16 kernel/uid16.c OK +sys_getegid16 kernel/uid16.c OK +sys_acct kernel/acct.c CAP +sys_umount fs/namespace.c CAP +sys_ni_syscall --- +sys_ioctl fs/ioctl.c CAP +sys_fcntl fs/fcntl.c CAP +sys_ni_syscall --- +sys_setpgid kernel/sys.c CAP +sys_ni_syscall --- +sys_olduname arch/i386/kernel/sys_i386.c OK +sys_umask kernel/sys.c CAP +sys_chroot fs/open.c CAP +sys_ustat fs/super.c CAP +sys_dup2 fs/fcntl.c CAP +sys_getppid kernel/timer.c OK +sys_getpgrp kernel/sys.c OK +sys_setsid kernel/sys.c CAP +sys_sigaction arch/i386/kernel/signal.c OK +sys_sgetmask kernel/signal.c OK +sys_ssetmask kernel/signal.c CAP +sys_setreuid16 kernel/uid16.c REDIR +sys_setregid16 kernel/uid16.c REDIR 
+sys_sigsuspend arch/i386/kernel/signal.c CAP +sys_sigpending kernel/signal.c CAP +sys_sethostname kernel/sys.c CAP +sys_setrlimit kernel/sys.c CAP +sys_old_getrlimit kernel/sys.c OK +sys_getrusage kernel/sys.c OK +sys_gettimeofday kernel/time.c OK +sys_settimeofday kernel/time.c CAP +sys_getgroups16 kernel/uid16.c REDIR +sys_setgroups16 kernel/uid16.c CAP +old_select arch/i386/kernel/sys_i386.c OK +sys_symlink fs/namei.c REDIR +sys_lstat fs/stat.c CAP +sys_readlink fs/stat.c REDIR +sys_uselib fs/exec.c CAP +sys_swapon mm/swapfile.c CAP +sys_reboot kernel/sys.c CAP +old_readdir fs/readdir.c CAP +old_mmap arch/i386/kernel/sys_i386.c OK +sys_munmap OK +sys_truncate fs/open.c CAP +sys_ftruncate fs/open.c CAP +sys_fchmod fs/open.c CAP +sys_fchown16 kernel/uid16.c REDIR +sys_getpriority kernel/sys.c CAP +sys_setpriority kernel/sys.c CAP +sys_ni_syscall --- +sys_statfs fs/open.c CAP +sys_fstatfs fs/open.c CAP +sys_ioperm arch/i386/kernel/ioport.c CAP +sys_socketcall net/socket.c CAP +sys_syslog kernel/printk.c CAP +sys_setitimer OK +sys_getitimer OK +sys_newstat fs/stat.c CAP +sys_newlstat fs/stat.c CAP +sys_newfstat fs/stat.c CAP +sys_uname OK +sys_iopl arch/i386/kernel/ioport.c CAP +sys_vhangup fs/open.c CAP +sys_ni_syscall --- +sys_vm86old arch/i386/kernel/vm86.c CAP +sys_wait4 kernel/exit.c CAP +sys_swapoff mm/swapfile.c CAP +sys_sysinfo kernel/timer.c CAP +sys_ipc arch/i386/kernel/sys_i386.c CAP +sys_fsync fs/sync.c CAP +sys_sigreturn arch/i386/kernel/signal.c OK +sys_clone arch/i386/kernel/process.c * CAP +sys_setdomainname kernel/sys.c CAP +sys_newuname kernel/sys.c OK +sys_modify_ldt arch/i386/kernel/ldt.c CAP +sys_adjtimex kernel/time.c CAP +sys_mprotect mm/mprotect.c CAP +sys_sigprocmask kernel/signal.c CAP +sys_ni_syscall --- +sys_init_module kernel/module.c CAP +sys_delete_module kernel/module.c CAP +sys_ni_syscall --- +sys_quotactl fs/quota.c CAP +sys_getpgid kernel/sys.c CAP +sys_fchdir fs/open.c CAP +sys_bdflush fs/buffer.c CAP +sys_sysfs fs/filesystems.c 
CAP +sys_personality kernel/exec_domain.c CAP +sys_ni_syscall --- +sys_setfsuid16 kernel/uid16.c REDIR +sys_setfsgid16 kernel/uid16.c REDIR +sys_llseek fs/read_write.c CAP +sys_getdents fs/readdir.c CAP +sys_select OK +sys_flock fs/locks.c CAP +sys_msync OK +sys_readv fs/read_write.c OK +sys_writev fs/read_write.c OK +sys_getsid kernel/sys.c CAP +sys_fdatasync fs/sync.c CAP +sys_sysctl kernel/sysctl.c CAP +sys_mlock mm/mlock.c CAP +sys_munlock mm/mlock.c CAP +sys_mlockall mm/mlock.c CAP +sys_munlockall mm/mlock.c CAP +sys_sched_setparam kernel/sched.c CAP +sys_sched_getparam kernel/sched.c CAP +sys_sched_setscheduler kernel/sched.c CAP +sys_sched_getscheduler kernel/sched.c CAP +sys_sched_yield kernel/sched.c OK +sys_sched_get_priority_max kernel/sched.c OK +sys_sched_get_priority_min kernel/sched.c OK +sys_sched_rr_get_interval kernel/sched.c OK +sys_nanosleep OK? +sys_mremap mm/mremap.c CAP +sys_setresuid16 kernel/uid16.c REDIR +sys_getresuid16 kernel/uid16.c OK? +sys_vm86 arch/i386/kernel/vm86.c CAP +sys_ni_syscall --- +sys_poll OK +sys_nfsservctl fs/nfsctl.c CAP +sys_setresgid16 kernel/uid16.c REDIR +sys_getresgid16 kernel/uid16.c OK? 
+sys_prctl kernel/sys.c CAP +sys_rt_sigreturn arch/i386/kernel/signal.c OK +sys_rt_sigaction kernel/signal.c OK +sys_rt_sigprocmask kernel/signal.c CAP +sys_rt_sigpending kernel/signal.c CAP +sys_rt_sigtimedwait kernel/signal.c CAP +sys_rt_sigqueueinfo kernel/signal.c CAP +sys_rt_sigsuspend kernel/signal.c CAP +sys_pread64 fs/read_write.c CAP +sys_pwrite64 fs/read_write.c CAP +sys_chown16 kernel/uid16.c REDIR +sys_getcwd fs/dcache.c CAP +sys_capget kernel/capability.c CAP +sys_capset kernel/capability.c CAP +sys_sigaltstack arch/i386/kernel/signal.c OK +sys_sendfile fs/read_write.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_vfork arch/i386/kernel/process.c * CAP +sys_getrlimit kernel/sys.c OK +sys_mmap2 OK +sys_truncate64 fs/open.c CAP +sys_ftruncate64 fs/open.c CAP +sys_stat64 fs/stat.c CAP +sys_lstat64 fs/stat.c CAP +sys_fstat64 fs/stat.c CAP +sys_lchown fs/open.c CAP +sys_getuid kernel/timer.c OK +sys_getgid kernel/timer.c OK +sys_geteuid kernel/timer.c OK +sys_getegid kernel/timer.c OK +sys_setreuid kernel/sys.c CAP +sys_setregid kernel/sys.c CAP +sys_getgroups kernel/sys.c OK +sys_setgroups kernel/sys.c CAP +sys_fchown fs/open.c CAP +sys_setresuid kernel/sys.c CAP +sys_getresuid kernel/sys.c OK +sys_setresgid kernel/sys.c CAP +sys_getresgid kernel/sys.c OK +sys_chown fs/open.c CAP +sys_setuid kernel/sys.c CAP +sys_setgid kernel/sys.c CAP +sys_setfsuid kernel/sys.c CAP +sys_setfsgid kernel/sys.c CAP +sys_pivot_root fs/namespace.c CAP +sys_mincore mm/mincore.c CAP +sys_madvise mm/madvise.c CAP +sys_getdents64 fs/readdir.c CAP +sys_fcntl64 fs/fcntl.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_gettid kernel/timer.c OK +sys_readahead mm/filemap.c CAP +sys_setxattr fs/xattr.c CAP +sys_lsetxattr fs/xattr.c CAP +sys_fsetxattr fs/xattr.c CAP +sys_getxattr fs/xattr.c CAP +sys_lgetxattr fs/xattr.c CAP +sys_fgetxattr fs/xattr.c CAP +sys_listxattr fs/xattr.c CAP +sys_llistxattr fs/xattr.c CAP +sys_flistxattr fs/xattr.c CAP +sys_removexattr fs/xattr.c CAP 
+sys_lremovexattr fs/xattr.c CAP +sys_fremovexattr fs/xattr.c CAP +sys_tkill fs/signal.c CAP +sys_sendfile64 fs/read_write.c CAP +sys_futex OK +sys_sched_setaffinity kernel/sched.c CAP +sys_sched_getaffinity kernel/sched.c CAP +sys_set_thread_area OK +sys_get_thread_area OK +sys_io_setup fs/aio.c CAP +sys_io_destroy fs/aio.c CAP +sys_io_getevents fs/aio.c CAP +sys_io_submit fs/aio.c CAP +sys_io_cancel fs/aio.c CAP +sys_fadvise64 mm/fadvise.c REDIR +sys_ni_syscall --- +sys_exit_group kernel/exit.c OK? +sys_lookup_dcookie fs/dcookies.c CAP +sys_epoll_create fs/eventpoll.c CAP +sys_epoll_ctl fs/eventpoll.c CAP +sys_epoll_wait fs/eventpoll.c CAP +sys_remap_file_pages mm/fremap.c OK? +sys_set_tid_address OK +sys_timer_create kernel/posix-timers.c CAP +sys_timer_settime kernel/posix-timers.c CAP +sys_timer_gettime kernel/posix-timers.c CAP +sys_timer_getoverrun kernel/posix-timers.c CAP +sys_timer_delete kernel/posix-timers.c CAP +sys_clock_settime kernel/posix-timers.c CAP +sys_clock_gettime kernel/posix-timers.c CAP +sys_clock_getres kernel/posix-timers.c CAP +sys_clock_nanosleep kernel/posix-timers.c CAP +sys_statfs64 fs/open.c CAP +sys_fstatfs64 fs/open.c CAP +sys_tgkill kernel/signal.c CAP +sys_utimes fs/utimes.c REDIR +sys_fadvise64_64 mm/fadvise.c OK +sys_ni_syscall --- +sys_mbind mm/mempolicy.c CAP +sys_get_mempolicy mm/mempolicy.c CAP +sys_set_mempolicy mm/mempolicy.c CAP +sys_mq_open ipc/mqueue.c CAP +sys_mq_unlink ipc/mqueue.c CAP +sys_mq_timedsend ipc/mqueue.c CAP +sys_mq_timedreceive ipc/mqueue.c CAP +sys_mq_notify ipc/mqueue.c CAP +sys_mq_getsetattr ipc/mqueue.c CAP +sys_kexec_load kernel/kexec.c CAP +sys_waitid kernel/exit.c CAP +sys_ni_syscall --- +sys_add_key security/keys/keyctl.c CAP +sys_request_key security/keys/keyctl.c CAP +sys_keyctl security/keys/keyctl.c CAP +sys_ioprio_set fs/ioprio.c CAP +sys_ioprio_get fs/ioprio.c CAP +sys_inotify_init fs/inotify_user.c CAP +sys_inotify_add_watch fs/inotify_user.c CAP +sys_inotify_rm_watch fs/inotify_user.c 
CAP +sys_migrate_pages mm/mempolicy.c CAP +sys_openat fs/open.c CAP +sys_mkdirat fs/namei.c CAP +sys_mknodat fs/namei.c CAP +sys_fchownat fs/open.c CAP +sys_futimesat fs/utimes.c CAP +sys_fstatat64 fs/stat.c CAP +sys_unlinkat fs/namei.c CAP +sys_renameat fs/namei.c CAP +sys_linkat fs/namei.c CAP +sys_symlinkat fs/namei.c CAP +sys_readlinkat fs/stat.c CAP +sys_fchmodat fs/open.c CAP +sys_faccessat fs/open.c CAP +sys_pselect6 fs/select.c OK +sys_ppoll fs/select.c OK +sys_unshare kernel/fork.c CAP +sys_set_robust_list kernel/futex.c OK? +sys_get_robust_list kernel/futex.c OK? +sys_splice fs/splice.c CAP +sys_sync_file_range fs/sync.c CAP +sys_tee fs/splice.c CAP +sys_vmsplice fs/splice.c CAP +sys_move_pages mm/migrate.c CAP +sys_getcpu kernel/sys.c CAP +sys_epoll_pwait fs/eventpoll.c CAP +sys_utimensat fs/utimes.c CAP +sys_signalfd fs/signalfd.c CAP +sys_timerfd fs/timerfd.c CAP +sys_eventfd fs/eventfd.c CAP + +=== END OF SYSCALL TABLE === +*) The line number corresponds to syscall number +**) sys_fork, sys_vfork, sys_clone -> do_fork (kernel/fork.c) + +Syscall 0: +sys_restart_syscall kernel/signal.c OK + +syscall table in arch/i386/kernel/syscall_table.S + + diff -ruNp linux-2.6.18/arch/x86_64/ia32/ia32_aout.c linux-2.6.18-cher1/arch/x86_64/ia32/ia32_aout.c --- linux-2.6.18/arch/x86_64/ia32/ia32_aout.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/ia32/ia32_aout.c 2007-08-04 11:30:52.000000000 +0400 @@ -285,8 +285,12 @@ static int load_aout_binary(struct linux rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; if (rlim >= RLIM_INFINITY) rlim = ~0; - if (ex.a_data + ex.a_bss > rlim) + if (ex.a_data + ex.a_bss > rlim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + } return -ENOMEM; + } /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); 
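Review bot: `SBOX_WAS_MEMLIMIT` is raised only on the ia32 a.out RLIMIT_DATA check, so unless the ELF loaders (fs/binfmt_elf.c and the compat elf32 loader) and the brk/mmap limit paths also set it — none of them are in this diff, and sys_brk, old_mmap and sys_mmap2 are marked `OK` in the tables — a supervisor relying on the flag will miss most memory-limit hits, since nearly every ia32 binary is ELF. If those paths are patched elsewhere in the series, a one-line comment here naming them would make the dependency visible; otherwise the flag has to be set wherever a limit produces -ENOMEM. Minor style: the inner single-statement `if` is braced and the test is double-parenthesised, unlike the surrounding code. load_aout_binary continues outside the hunk.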
@@ -524,3 +528,9 @@ static void __exit exit_aout_binfmt(void module_init(init_aout_binfmt); module_exit(exit_aout_binfmt); MODULE_LICENSE("GPL"); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/arch/x86_64/ia32/ia32_signal.c linux-2.6.18-cher1/arch/x86_64/ia32/ia32_signal.c --- linux-2.6.18/arch/x86_64/ia32/ia32_signal.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/ia32/ia32_signal.c 2007-08-04 11:33:56.000000000 +0400 @@ -118,6 +118,9 @@ sys32_sigsuspend(int history0, int histo { sigset_t saveset; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + mask &= _BLOCKABLE; spin_lock_irq(¤t->sighand->siglock); saveset = current->blocked; @@ -142,6 +145,10 @@ sys32_sigaltstack(const stack_ia32_t __u stack_t uss,uoss; int ret; mm_segment_t seg; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (uss_ptr) { u32 ptr; memset(&uss,0,sizeof(stack_t)); diff -ruNp linux-2.6.18/arch/x86_64/ia32/ipc32.c linux-2.6.18-cher1/arch/x86_64/ia32/ipc32.c --- linux-2.6.18/arch/x86_64/ia32/ipc32.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/ia32/ipc32.c 2007-08-04 11:30:52.000000000 +0400 @@ -17,6 +17,9 @@ sys32_ipc(u32 call, int first, int secon { int version; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + version = call >> 16; /* hack for backward compatibility */ call &= 0xffff; diff -ruNp linux-2.6.18/arch/x86_64/ia32/ptrace32.c linux-2.6.18-cher1/arch/x86_64/ia32/ptrace32.c --- linux-2.6.18/arch/x86_64/ia32/ptrace32.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/ia32/ptrace32.c 2007-08-04 11:30:52.000000000 +0400 
@@ -231,6 +231,18 @@ asmlinkage long sys32_ptrace(long reques int ret; __u32 val; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + if (request == PTRACE_MEMLIMIT) { + current->sbox_flags |= SBOX_MEMLIMITON; + return 0; + } + if (request == PTRACE_NO_SYSCALLS) { + current->sbox_flags |= SBOX_NO_SYSCALLS; + return 0; + } + switch (request) { case PTRACE_TRACEME: case PTRACE_ATTACH: diff -ruNp linux-2.6.18/arch/x86_64/ia32/sys_ia32.c linux-2.6.18-cher1/arch/x86_64/ia32/sys_ia32.c --- linux-2.6.18/arch/x86_64/ia32/sys_ia32.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/ia32/sys_ia32.c 2007-08-04 11:30:52.000000000 +0400 @@ -152,7 +152,12 @@ asmlinkage long sys32_stat64(char __user * filename, struct stat64 __user *statbuf) { struct kstat stat; - int ret = vfs_stat(filename, &stat); + int ret; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ret = vfs_stat(filename, &stat); if (!ret) ret = cp_stat64(statbuf, &stat); return ret; @@ -162,7 +167,12 @@ asmlinkage long sys32_lstat64(char __user * filename, struct stat64 __user *statbuf) { struct kstat stat; - int ret = vfs_lstat(filename, &stat); + int ret; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ret = vfs_lstat(filename, &stat); if (!ret) ret = cp_stat64(statbuf, &stat); return ret; @@ -172,7 +182,12 @@ asmlinkage long sys32_fstat64(unsigned int fd, struct stat64 __user *statbuf) { struct kstat stat; - int ret = vfs_fstat(fd, &stat); + int ret; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ret = vfs_fstat(fd, &stat); if (!ret) ret = cp_stat64(statbuf, &stat); return ret; @@ -185,6 +200,9 @@ sys32_fstatat(unsigned int dfd, char __u struct kstat stat; int error = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; 
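Review bot: `PTRACE_MEMLIMIT` and `PTRACE_NO_SYSCALLS` are handled before the `switch`, act on `current` and ignore `pid`, `addr` and `data`, and their values are defined outside this chunk; because they are tested first, a value that collides with an existing arch-specific request (PTRACE_GET_THREAD_AREA and PTRACE_ARCH_PRCTL are in use on x86) would silently shadow it, so the definitions should be checked against the arch ptrace headers and a comment added here: `/* sandbox requests act on the caller, not on pid; values must not collide with real PTRACE_* */`. The ordering is also load-bearing — the NO_SYSCALLS test above makes both requests unavailable once NO_SYSCALLS is set, so MEMLIMIT has to be enabled first — and there is deliberately no request to clear either flag; both facts deserve a comment since nothing in the hunk states them. Only the ia32 compat entry is patched in this chunk; if native x86_64 sys_ptrace and i386 sys_ptrace are not extended elsewhere in the series, native processes have no way to enter the sandbox. sys32_ptrace's body continues outside the hunk.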
@@ -258,6 +276,9 @@ sys32_pipe(int __user *fd) int retval; int fds[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = do_pipe(fds); if (retval) goto out; @@ -464,6 +485,9 @@ sys32_settimeofday(struct compat_timeval struct timespec kts; struct timezone ktz; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (tv) { if (get_tv32(&ktv, tv)) return -EFAULT; @@ -670,6 +694,9 @@ sys32_sysctl(struct sysctl_ia32 __user * void *newval, size_t newlen); + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (copy_from_user(&a32, args32, sizeof (a32))) return -EFAULT; @@ -850,6 +877,9 @@ asmlinkage long sys32_execve(char __user long error; char * filename; + if ((current->sbox_flags & SBOX_NO_EXEC)) + return -EPERM; + filename = getname(name); error = PTR_ERR(filename); if (IS_ERR(filename)) @@ -858,6 +888,8 @@ asmlinkage long sys32_execve(char __user if (error == 0) { task_lock(current); current->ptrace &= ~PT_DTRACE; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + current->sbox_flags |= SBOX_NO_EXEC; task_unlock(current); } putname(filename); @@ -901,6 +933,10 @@ long sys32_vm86_warning(void) { struct task_struct *me = current; static char lastcomm[sizeof(me->comm)]; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) { compat_printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n", me->comm); diff -ruNp linux-2.6.18/arch/x86_64/kernel/ioport.c linux-2.6.18-cher1/arch/x86_64/kernel/ioport.c --- linux-2.6.18/arch/x86_64/kernel/ioport.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/kernel/ioport.c 2007-08-04 11:30:52.000000000 +0400 
@@ -39,6 +39,9 @@ asmlinkage long sys_ioperm(unsigned long struct tss_struct * tss; unsigned long *bitmap; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) return -EINVAL; if (turn_on && !capable(CAP_SYS_RAWIO)) @@ -106,6 +109,9 @@ asmlinkage long sys_iopl(unsigned int le { unsigned int old = (regs->eflags >> 12) & 3; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (level > 3) return -EINVAL; /* Trying to gain more privileges? */ diff -ruNp linux-2.6.18/arch/x86_64/kernel/ldt.c linux-2.6.18-cher1/arch/x86_64/kernel/ldt.c --- linux-2.6.18/arch/x86_64/kernel/ldt.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/kernel/ldt.c 2007-08-04 11:30:52.000000000 +0400 @@ -235,6 +235,9 @@ asmlinkage int sys_modify_ldt(int func, { int ret = -ENOSYS; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (func) { case 0: ret = read_ldt(ptr, bytecount); diff -ruNp linux-2.6.18/arch/x86_64/kernel/process.c linux-2.6.18-cher1/arch/x86_64/kernel/process.c --- linux-2.6.18/arch/x86_64/kernel/process.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/kernel/process.c 2007-08-04 11:30:52.000000000 +0400 @@ -631,6 +631,9 @@ long sys_execve(char __user *name, char long error; char * filename; + if ((current->sbox_flags & SBOX_NO_EXEC)) + return -EPERM; + filename = getname(name); error = PTR_ERR(filename); if (IS_ERR(filename)) 
@@ -639,6 +642,8 @@ long sys_execve(char __user *name, char if (error == 0) { task_lock(current); current->ptrace &= ~PT_DTRACE; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + current->sbox_flags |= SBOX_NO_EXEC; task_unlock(current); } putname(filename); diff -ruNp linux-2.6.18/arch/x86_64/kernel/sys_x86_64.c linux-2.6.18-cher1/arch/x86_64/kernel/sys_x86_64.c --- linux-2.6.18/arch/x86_64/kernel/sys_x86_64.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/arch/x86_64/kernel/sys_x86_64.c 2007-08-04 11:30:52.000000000 +0400 @@ -29,6 +29,9 @@ asmlinkage long sys_pipe(int __user *fil int fd[2]; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = do_pipe(fd); if (!error) { if (copy_to_user(fildes, fd, 2*sizeof(int))) diff -ruNp linux-2.6.18/arch/x86_64/SYSCALLS.x86_64 linux-2.6.18-cher1/arch/x86_64/SYSCALLS.x86_64 --- linux-2.6.18/arch/x86_64/SYSCALLS.x86_64 1970-01-01 03:00:00.000000000 +0300 +++ linux-2.6.18-cher1/arch/x86_64/SYSCALLS.x86_64 2007-08-04 11:30:52.000000000 +0400 
@@ -0,0 +1,292 @@ +sys_write fs/read_write.c OK +sys_open fs/open.c CAP +sys_close fs/open.c OK +sys_newstat fs/stat.c CAP +sys_newfstat fs/stat.c CAP +sys_newlstat fs/stat.c CAP +sys_poll OK +sys_lseek fs/read_write.c CAP +sys_mmap OK +sys_mprotect mm/mprotect.c CAP +sys_munmap OK +sys_brk OK +sys_rt_sigaction kernel/signal.c OK +sys_rt_sigprocmask kernel/signal.c CAP +stub_rt_sigreturn OK +sys_ioctl fs/ioctl.c CAP +sys_pread64 fs/read_write.c CAP +sys_pwrite64 fs/read_write.c CAP +sys_readv fs/read_write.c OK +sys_writev fs/read_write.c OK +sys_access fs/open.c CAP +sys_pipe arch/x86_64/kernel/sys_x86_64.c CAP +sys_select OK +sys_sched_yield kernel/sched.c OK +sys_mremap mm/mremap.c CAP +sys_msync OK +sys_mincore mm/mincore.c CAP +sys_madvise mm/madvise.c CAP +sys_shmget ipc/shm.c CAP +sys_shmat ipc/shm.c CAP +sys_shmctl ipc/shm.c CAP +sys_dup fs/fcntl.c CAP +sys_dup2 fs/fcntl.c CAP +sys_pause kernel/signal.c CAP +sys_nanosleep OK? +sys_getitimer OK +sys_alarm kernel/timer.c OK +sys_setitimer OK +sys_getpid kernel/timer.c OK +sys_sendfile64 fs/read_write.c CAP +sys_socket net/socket.c CAP +sys_connect net/socket.c CAP +sys_accept net/socket.c CAP +sys_sendto net/socket.c CAP +sys_recvfrom net/socket.c CAP +sys_sendmsg net/socket.c CAP +sys_recvmsg net/socket.c CAP +sys_shutdown net/socket.c CAP +sys_bind net/socket.c CAP +sys_listen net/socket.c CAP +sys_getsockname net/socket.c CAP +sys_getpeername net/socket.c CAP +sys_socketpair net/socket.c CAP +sys_setsockopt net/socket.c CAP +sys_getsockopt net/socket.c CAP +stub_clone arch/x86_64/kernel/entry.S->process.c CAP +stub_fork arch/x86_64/kernel/entry.S->process.c CAP +stub_vfork arch/x86_64/kernel/entry.S->process.c CAP +stub_execve arch/x86_64/kernel/entry.S->process.c CAP +sys_exit OK +sys_wait4 kernel/exit.c CAP +sys_kill kernel/signal.c CAP +sys_uname OK +sys_semget ipc/sem.c CAP +sys_semop ipc/sem.c CAP +sys_semctl ipc/sem.c CAP +sys_shmdt ipc/shm.c CAP +sys_msgget ipc/msg.c CAP +sys_msgsnd ipc/msg.c CAP 
+sys_msgrcv ipc/msg.c CAP +sys_msgctl ipc/msg.c CAP +sys_fcntl fs/fcntl.c CAP +sys_flock fs/locks.c CAP +sys_fsync fs/sync.c CAP +sys_fdatasync fs/sync.c CAP +sys_truncate fs/open.c CAP +sys_ftruncate fs/open.c CAP +sys_getdents fs/readdir.c CAP +sys_getcwd fs/dcache.c CAP +sys_chdir fs/open.c CAP +sys_fchdir fs/open.c CAP +sys_rename fs/namei.c REDIR +sys_mkdir fs/namei.c REDIR +sys_rmdir fs/namei.c CAP +sys_creat fs/open.c CAP +sys_link fs/namei.c REDIR +sys_unlink fs/namei.c CAP +sys_symlink fs/namei.c REDIR +sys_readlink fs/stat.c REDIR +sys_chmod fs/open.c CAP +sys_fchmod fs/open.c CAP +sys_chown fs/open.c CAP +sys_fchown fs/open.c CAP +sys_lchown fs/open.c CAP +sys_umask kernel/sys.c CAP +sys_gettimeofday kernel/time.c OK +sys_getrlimit kernel/sys.c OK +sys_getrusage kernel/sys.c OK +sys_sysinfo kernel/timer.c CAP +sys_times OK +sys_ptrace kernel/ptrace.c CAP +sys_getuid kernel/timer.c OK +sys_syslog kernel/printk.c CAP +sys_getgid kernel/timer.c OK +sys_setuid kernel/sys.c CAP +sys_setgid kernel/sys.c CAP +sys_geteuid kernel/timer.c OK +sys_getegid kernel/timer.c OK +sys_setpgid kernel/sys.c CAP +sys_getppid kernel/timer.c OK +sys_getpgrp kernel/sys.c OK +sys_setsid kernel/sys.c CAP +sys_setreuid kernel/sys.c CAP +sys_setregid kernel/sys.c CAP +sys_getgroups kernel/sys.c OK +sys_setgroups kernel/sys.c CAP +sys_setresuid kernel/sys.c CAP +sys_getresuid kernel/sys.c OK +sys_setresgid kernel/sys.c CAP +sys_getresgid kernel/sys.c OK +sys_getpgid kernel/sys.c CAP +sys_setfsuid kernel/sys.c CAP +sys_setfsgid kernel/sys.c CAP +sys_getsid kernel/sys.c CAP +sys_capget kernel/capability.c CAP +sys_capset kernel/capability.c CAP +sys_rt_sigpending kernel/signal.c CAP +sys_rt_sigtimedwait kernel/signal.c CAP +sys_rt_sigqueueinfo kernel/signal.c CAP +stub_rt_sigsuspend kernel/signal.c CAP +stub_sigaltstack arch/x86_64/kernel/signal.c OK +sys_utime fs/utimes.c CAP +sys_mknod fs/namei.c REDIR +sys_ni_syscall --- +sys_personality kernel/exec_domain.c CAP +sys_ustat 
fs/super.c CAP +sys_statfs fs/open.c CAP +sys_fstatfs fs/open.c CAP +sys_sysfs fs/filesystems.c CAP +sys_getpriority kernel/sys.c CAP +sys_setpriority kernel/sys.c CAP +sys_sched_setparam kernel/sched.c CAP +sys_sched_getparam kernel/sched.c CAP +sys_sched_setscheduler kernel/sched.c CAP +sys_sched_getscheduler kernel/sched.c CAP +sys_sched_get_priority_max kernel/sched.c OK +sys_sched_get_priority_min kernel/sched.c OK +sys_sched_rr_get_interval kernel/sched.c OK +sys_mlock mm/mlock.c CAP +sys_munlock mm/mlock.c CAP +sys_mlockall mm/mlock.c CAP +sys_munlockall mm/mlock.c CAP +sys_vhangup fs/open.c CAP +sys_modify_ldt arch/x86_64/kernel/ldt.c CAP +sys_pivot_root fs/namespace.c CAP +sys_sysctl kernel/sysctl.c CAP +sys_prctl kernel/sys.c CAP +sys_arch_prctl arch/x86_64/kernel/process.c OK +sys_adjtimex kernel/time.c CAP +sys_setrlimit kernel/sys.c CAP +sys_chroot fs/open.c CAP +sys_sync fs/sync.c CAP +sys_acct kernel/acct.c CAP +sys_settimeofday kernel/time.c CAP +sys_mount fs/namespace.c CAP +sys_umount fs/namespace.c CAP +sys_swapon mm/swapfile.c CAP +sys_swapoff mm/swapfile.c CAP +sys_reboot kernel/sys.c CAP +sys_sethostname kernel/sys.c CAP +sys_setdomainname kernel/sys.c CAP +stub_iopl arch/x86_64/kernel/ioport.c CAP +sys_ioperm arch/x86_64/kernel/ioport.c CAP +sys_ni_syscall --- +sys_init_module kernel/module.c CAP +sys_delete_module kernel/module.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_quotactl fs/quota.c CAP +sys_nfsservctl fs/nfsctl.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_ni_syscall --- +sys_ni_syscall --- +sys_ni_syscall --- +sys_gettid kernel/timer.c OK +sys_readahead mm/filemap.c CAP +sys_setxattr fs/xattr.c CAP +sys_lsetxattr fs/xattr.c CAP +sys_fsetxattr fs/xattr.c CAP +sys_getxattr fs/xattr.c CAP +sys_lgetxattr fs/xattr.c CAP +sys_fgetxattr fs/xattr.c CAP +sys_listxattr fs/xattr.c CAP +sys_llistxattr fs/xattr.c CAP +sys_flistxattr fs/xattr.c CAP +sys_removexattr fs/xattr.c CAP +sys_lremovexattr fs/xattr.c CAP +sys_fremovexattr 
fs/xattr.c CAP +sys_tkill fs/signal.c CAP +sys_time OK +sys_futex OK +sys_sched_setaffinity kernel/sched.c CAP +sys_sched_getaffinity kernel/sched.c CAP +sys_ni_syscall --- +sys_io_setup fs/aio.c CAP +sys_io_destroy fs/aio.c CAP +sys_io_getevents fs/aio.c CAP +sys_io_submit fs/aio.c CAP +sys_io_cancel fs/aio.c CAP +sys_ni_syscall --- +sys_lookup_dcookie fs/dcookies.c CAP +sys_epoll_create fs/eventpoll.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_remap_file_pages mm/fremap.c OK? +sys_getdents64 fs/readdir.c CAP +sys_set_tid_address OK +sys_restart_syscall kernel/signal.c OK +sys_semtimedop ipc/sem.c CAP +sys_fadvise64 mm/fadvise.c REDIR +sys_timer_create kernel/posix-timers.c CAP +sys_timer_settime kernel/posix-timers.c CAP +sys_timer_gettime kernel/posix-timers.c CAP +sys_timer_getoverrun kernel/posix-timers.c CAP +sys_timer_delete kernel/posix-timers.c CAP +sys_clock_settime kernel/posix-timers.c CAP +sys_clock_gettime kernel/posix-timers.c CAP +sys_clock_getres kernel/posix-timers.c CAP +sys_clock_nanosleep kernel/posix-timers.c CAP +sys_exit_group kernel/exit.c OK? 
+sys_epoll_wait fs/eventpoll.c CAP +sys_epoll_ctl fs/eventpoll.c CAP +sys_tgkill kernel/signal.c CAP +sys_utimes fs/utimes.c REDIR +sys_ni_syscall --- +sys_mbind mm/mempolicy.c CAP +sys_set_mempolicy mm/mempolicy.c CAP +sys_get_mempolicy mm/mempolicy.c CAP +sys_mq_open ipc/mqueue.c CAP +sys_mq_unlink ipc/mqueue.c CAP +sys_mq_timedsend ipc/mqueue.c CAP +sys_mq_timedreceive ipc/mqueue.c CAP +sys_mq_notify ipc/mqueue.c CAP +sys_mq_getsetattr ipc/mqueue.c CAP +sys_kexec_load kernel/kexec.c CAP +sys_waitid kernel/exit.c CAP +sys_add_key security/keys/keyctl.c CAP +sys_request_key security/keys/keyctl.c CAP +sys_keyctl security/keys/keyctl.c CAP +sys_ioprio_set fs/ioprio.c CAP +sys_ioprio_get fs/ioprio.c CAP +sys_inotify_init fs/inotify_user.c CAP +sys_inotify_add_watch fs/inotify_user.c CAP +sys_inotify_rm_watch fs/inotify_user.c CAP +sys_migrate_pages mm/mempolicy.c CAP +sys_openat fs/open.c CAP +sys_mkdirat fs/namei.c CAP +sys_mknodat fs/namei.c CAP +sys_fchownat fs/open.c CAP +sys_futimesat fs/utimes.c CAP +sys_newfstatat fs/stat.c CAP +sys_unlinkat fs/namei.c CAP +sys_renameat fs/namei.c CAP +sys_linkat fs/namei.c CAP +sys_symlinkat fs/namei.c CAP +sys_readlinkat fs/stat.c CAP +sys_fchmodat fs/open.c CAP +sys_faccessat fs/open.c CAP +sys_pselect6 fs/select.c OK +sys_ppoll fs/select.c OK +sys_unshare kernel/fork.c CAP +sys_set_robust_list kernel/futex.c OK? +sys_get_robust_list kernel/futex.c OK? 
+sys_splice fs/splice.c CAP +sys_tee fs/splice.c CAP +sys_sync_file_range fs/sync.c CAP +sys_vmsplice fs/splice.c CAP +sys_move_pages mm/migrate.c CAP +sys_utimensat fs/utimes.c CAP +sys_epoll_pwait fs/eventpoll.c CAP +sys_signalfd fs/signalfd.c CAP +sys_timerfd fs/timerfd.c CAP +sys_eventfd fs/eventfd.c CAP + +=== END OF SYSCALL TABLE === +*) The line number corresponds to syscall number + +Syscall 0: +sys_read fs/read_write.c OK + +syscall table is in include/asm-x86_64/unistd.h diff -ruNp linux-2.6.18/arch/x86_64/SYSCALLS.x86_64_ia32 linux-2.6.18-cher1/arch/x86_64/SYSCALLS.x86_64_ia32 --- linux-2.6.18/arch/x86_64/SYSCALLS.x86_64_ia32 1970-01-01 03:00:00.000000000 +0300 +++ linux-2.6.18-cher1/arch/x86_64/SYSCALLS.x86_64_ia32 2007-08-04 11:30:52.000000000 +0400 
@@ -0,0 +1,331 @@
+sys_exit OK
+stub32_fork arch/x86_64/ia32/ia32entry.S CAP
+sys_read OK
+sys_write OK
+compat_sys_open fs/compat.c CAP
+sys_close fs/open.c OK
+sys32_waitpid arch/x86_64/ia32/sys_ia32.c CAP
+sys_creat fs/open.c CAP
+sys_link fs/namei.c REDIR
+sys_unlink fs/namei.c CAP
+stub32_execve arch/x86_64/ia32/ia32entry.S CAP
+sys_chdir fs/open.c CAP
+compat_sys_time kernel/compat.c OK
+sys_mknod fs/namei.c REDIR
+sys_chmod fs/open.c CAP
+sys_lchown16 kernel/uid16.c REDIR
+quiet_ni_syscall ---
+sys_stat fs/stat.c CAP
+sys32_lseek arch/x86_64/ia32/sys_ia32.c REDIR
+sys_getpid kernel/timer.c OK
+compat_sys_mount fs/compat.c CAP
+sys_oldumount fs/namespace.c REDIR
+sys_setuid16 kernel/uid16.c REDIR
+sys_getuid16 kernel/uid16.c OK
+compat_sys_stime kernel/compat.c CAP
+sys32_ptrace arch/x86_64/ia32/ptrace32.c CAP
+sys_alarm kernel/timer.c OK
+sys_fstat fs/stat.c CAP
+sys_pause kernel/signal.c CAP
+compat_sys_utime fs/compat.c CAP
+quiet_ni_syscall ---
+quiet_ni_syscall ---
+sys_access fs/open.c CAP
+sys_nice kernel/sched.c CAP
+quiet_ni_syscall ---
+sys_sync fs/sync.c CAP
+sys32_kill arch/x86_64/ia32/sys_ia32.c REDIR
+sys_rename fs/namei.c REDIR
+sys_mkdir fs/namei.c REDIR
+sys_rmdir fs/namei.c CAP
+sys_dup fs/fcntl.c CAP
+sys32_pipe arch/x86_64/ia32/sys_ia32.c CAP
+compat_sys_times kernel/compat.c OK
+quiet_ni_syscall ---
+sys_brk OK
+sys_setgid16 kernel/uid16.c REDIR
+sys_getgid16 kernel/uid16.c OK
+sys_signal kernel/signal.c OK
+sys_geteuid16 kernel/uid16.c OK
+sys_getegid16 kernel/uid16.c OK
+sys_acct kernel/acct.c CAP
+sys_umount fs/namespace.c CAP
+quiet_ni_syscall ---
+compat_sys_ioctl fs/compat_ioctl.c CAP
+compat_sys_fcntl64 fs/compat.c CAP
+quiet_ni_syscall ---
+sys_setpgid kernel/sys.c CAP
+quiet_ni_syscall ---
+sys32_olduname arch/x86_64/ia32/sys_ia32.c OK
+sys_umask kernel/sys.c CAP
+sys_chroot fs/open.c CAP
+sys32_ustat arch/x86_64/ia32/sys_ia32.c REDIR
+sys_dup2 fs/fcntl.c CAP
+sys_getppid kernel/timer.c OK
+sys_getpgrp kernel/sys.c OK
+sys_setsid
kernel/sys.c CAP
+sys32_sigaction arch/x86_64/ia32/sys_ia32.c OK
+sys_sgetmask kernel/signal.c OK
+sys_ssetmask kernel/signal.c CAP
+sys_setreuid16 kernel/uid16.c REDIR
+sys_setregid16 kernel/uid16.c REDIR
+stub32_sigsuspend arch/x86_64/ia32/ia32_signal.c CAP
+compat_sys_sigpending kernel/compat.c REDIR
+sys_sethostname kernel/sys.c CAP
+compat_sys_setrlimit kernel/compat.c REDIR
+compat_sys_old_getrlimit kernel/compat.c OK
+compat_sys_getrusage kernel/compat.c OK
+sys32_gettimeofday arch/x86_64/ia32/sys_ia32.c OK
+sys32_settimeofday arch/x86_64/ia32/sys_ia32.c CAP
+sys_getgroups16 kernel/uid16.c REDIR
+sys_setgroups16 kernel/uid16.c CAP
+sys32_old_select arch/x86_64/ia32/sys_ia32.c OK
+sys_symlink fs/namei.c REDIR
+sys_lstat fs/stat.c CAP
+sys_readlink fs/stat.c REDIR
+sys_uselib fs/exec.c CAP
+sys_swapon mm/swapfile.c CAP
+sys_reboot kernel/sys.c CAP
+compat_sys_old_readdir fs/compat.c CAP
+sys32_mmap arch/x86_64/ia32/sys_ia32.c OK
+sys_munmap OK
+sys_truncate fs/open.c CAP
+sys_ftruncate fs/open.c CAP
+sys_fchmod fs/open.c CAP
+sys_fchown16 kernel/uid16.c REDIR
+sys_getpriority kernel/sys.c CAP
+sys_setpriority kernel/sys.c CAP
+quiet_ni_syscall ---
+compat_sys_statfs fs/compat.c CAP
+compat_sys_fstatfs fs/compat.c CAP
+sys_ioperm arch/x86_64/kernel/ioport.c CAP
+compat_sys_socketcall net/compat.c CAP
+sys_syslog kernel/printk.c CAP
+compat_sys_setitimer kernel/compat.c OK
+compat_sys_getitimer kernel/compat.c OK
+compat_sys_newstat fs/compat.c CAP
+compat_sys_newlstat fs/compat.c CAP
+compat_sys_newfstat fs/compat.c CAP
+sys32_uname arch/x86_64/ia32/sys_ia32.c OK
+stub32_iopl arch/x86_64/ia32/ia32entry.S REDIR
+sys_vhangup fs/open.c CAP
+quiet_ni_syscall ---
+sys32_vm86_warning arch/x86_64/ia32/sys_ia32.c CAP
+compat_sys_wait4 kernel/compat.c REDIR
+sys_swapoff mm/swapfile.c CAP
+compat_sys_sysinfo kernel/compat.c CAP
+sys32_ipc arch/x86_64/ia32/ipc32.c CAP
+sys_fsync fs/sync.c CAP
+stub32_sigreturn OK
+stub32_clone arch/x86_64/ia32/ia32entry.S REDIR
+sys_setdomainname kernel/sys.c CAP
+sys_uname OK
+sys_modify_ldt arch/x86_64/kernel/ldt.c CAP
+compat_sys_adjtimex kernel/compat.c CAP
+sys32_mprotect arch/x86_64/ia32/sys_ia32.c REDIR
+compat_sys_sigprocmask kernel/compat.c REDIR
+quiet_ni_syscall ---
+sys_init_module kernel/module.c CAP
+sys_delete_module kernel/module.c CAP
+quiet_ni_syscall ---
+sys_quotactl fs/quota.c CAP
+sys_getpgid kernel/sys.c CAP
+sys_fchdir fs/open.c CAP
+quiet_ni_syscall ---
+sys_sysfs fs/filesystems.c CAP
+sys_personality kernel/exec_domain.c CAP
+quiet_ni_syscall ---
+sys_setfsuid16 kernel/uid16.c REDIR
+sys_setfsgid16 kernel/uid16.c REDIR
+sys_llseek fs/read_write.c CAP
+compat_sys_getdents fs/compat.c CAP
+compat_sys_select fs/compat.c OK
+sys_flock fs/locks.c CAP
+sys_msync OK
+compat_sys_readv OK
+compat_sys_writev OK
+sys_getsid kernel/sys.c CAP
+sys_fdatasync fs/sync.c CAP
+sys32_sysctl arch/x86_64/ia32/sys_ia32.c CAP
+sys_mlock mm/mlock.c CAP
+sys_munlock mm/mlock.c CAP
+sys_mlockall mm/mlock.c CAP
+sys_munlockall mm/mlock.c CAP
+sys_sched_setparam kernel/sched.c CAP
+sys_sched_getparam kernel/sched.c CAP
+sys_sched_setscheduler kernel/sched.c CAP
+sys_sched_getscheduler kernel/sched.c CAP
+sys_sched_yield kernel/sched.c OK
+sys_sched_get_priority_max kernel/sched.c OK
+sys_sched_get_priority_min kernel/sched.c OK
+sys32_sched_rr_get_interval arch/x86_64/ia32/sys_ia32.c REDIR
+compat_sys_nanosleep kernel/compat.c OK?
+sys_mremap mm/mremap.c CAP
+sys_setresuid16 kernel/uid16.c REDIR
+sys_getresuid16 kernel/uid16.c OK?
+sys32_vm86_warning arch/x86_64/ia32/sys_ia32.c CAP
+quiet_ni_syscall ---
+sys_poll OK
+compat_sys_nfsservctl fs/compat.c CAP
+sys_setresgid16 kernel/uid16.c REDIR
+sys_getresgid16 kernel/uid16.c OK?
+sys_prctl kernel/sys.c CAP
+stub32_rt_sigreturn OK
+sys32_rt_sigaction OK
+sys32_rt_sigprocmask arch/x86_64/ia32/sys_ia32.c REDIR
+sys32_rt_sigpending arch/x86_64/ia32/sys_ia32.c REDIR
+compat_sys_rt_sigtimedwait kernel/compat.c CAP
+sys32_rt_sigqueueinfo arch/x86_64/ia32/sys_ia32.c REDIR
+stub32_rt_sigsuspend arch/x86_64/ia32/ia32entry.S REDIR
+sys32_pread arch/x86_64/ia32/sys_ia32.c REDIR
+sys32_pwrite arch/x86_64/ia32/sys_ia32.c REDIR
+sys_chown16 kernel/uid16.c REDIR
+sys_getcwd fs/dcache.c CAP
+sys_capget kernel/capability.c CAP
+sys_capset kernel/capability.c CAP
+stub32_sigaltstack arch/x86_64/ia32/ia32_signal.c CAP
+sys32_sendfile arch/x86_64/ia32/sys_ia32.c REDIR
+quiet_ni_syscall ---
+quiet_ni_syscall ---
+stub32_vfork arch/x86_64/ia32/ia32entry.S REDIR
+compat_sys_getrlimit kernel/compat.c REDIR
+sys32_mmap2 OK
+sys32_truncate64 arch/x86_64/ia32/sys_ia32.c REDIR
+sys32_ftruncate64 arch/x86_64/ia32/sys_ia32.c REDIR
+sys32_stat64 arch/x86_64/ia32/sys_ia32.c CAP
+sys32_lstat64 arch/x86_64/ia32/sys_ia32.c CAP
+sys32_fstat64 arch/x86_64/ia32/sys_ia32.c CAP
+sys_lchown fs/open.c CAP
+sys_getuid kernel/timer.c OK
+sys_getgid kernel/timer.c OK
+sys_geteuid kernel/timer.c OK
+sys_getegid kernel/timer.c OK
+sys_setreuid kernel/sys.c CAP
+sys_setregid kernel/sys.c CAP
+sys_getgroups kernel/sys.c OK
+sys_setgroups kernel/sys.c CAP
+sys_fchown fs/open.c CAP
+sys_setresuid kernel/sys.c CAP
+sys_getresuid kernel/sys.c OK
+sys_setresgid kernel/sys.c CAP
+sys_getresgid kernel/sys.c OK
+sys_chown fs/open.c CAP
+sys_setuid kernel/sys.c CAP
+sys_setgid kernel/sys.c CAP
+sys_setfsuid kernel/sys.c CAP
+sys_setfsgid kernel/sys.c CAP
+sys_pivot_root fs/namespace.c CAP
+sys_mincore mm/mincore.c CAP
+sys_madvise mm/madvise.c CAP
+compat_sys_getdents64 fs/compat.c CAP
+compat_sys_fcntl64 fs/compat.c CAP
+quiet_ni_syscall ---
+quiet_ni_syscall ---
+sys_gettid kernel/timer.c OK
+sys32_readahead arch/x86_64/ia32/sys_ia32.c REDIR
+sys_setxattr fs/xattr.c CAP
+sys_lsetxattr fs/xattr.c
CAP
+sys_fsetxattr fs/xattr.c CAP
+sys_getxattr fs/xattr.c CAP
+sys_lgetxattr fs/xattr.c CAP
+sys_fgetxattr fs/xattr.c CAP
+sys_listxattr fs/xattr.c CAP
+sys_llistxattr fs/xattr.c CAP
+sys_flistxattr fs/xattr.c CAP
+sys_removexattr fs/xattr.c CAP
+sys_lremovexattr fs/xattr.c CAP
+sys_fremovexattr fs/xattr.c CAP
+sys_tkill fs/signal.c CAP
+sys_sendfile64 fs/read_write.c CAP
+compat_sys_futex OK
+compat_sys_sched_setaffinity kernel/compat.c CAP
+compat_sys_sched_getaffinity kernel/compat.c CAP
+sys32_set_thread_area OK
+sys32_get_thread_area OK
+compat_sys_io_setup fs/compat.c REDIR
+sys_io_destroy fs/aio.c CAP
+compat_sys_io_getevents fs/compat.c REDIR
+compat_sys_io_submit fs/compat.c REDIR
+sys_io_cancel fs/aio.c CAP
+sys32_fadvise64 arch/x86_64/ia32/sys_ia32.c REDIR
+quiet_ni_syscall ---
+sys_exit_group kernel/exit.c OK?
+sys32_lookup_dcookie arch/x86_64/ia32/sys_ia32.c REDIR
+sys_epoll_create fs/eventpoll.c CAP
+sys_epoll_ctl fs/eventpoll.c CAP
+sys_epoll_wait fs/eventpoll.c CAP
+sys_remap_file_pages mm/fremap.c OK?
+sys_set_tid_address OK
+compat_sys_timer_create kernel/compat.c REDIR
+compat_sys_timer_settime kernel/compat.c REDIR
+compat_sys_timer_gettime kernel/compat.c REDIR
+sys_timer_getoverrun kernel/posix-timers.c CAP
+sys_timer_delete kernel/posix-timers.c CAP
+compat_sys_clock_settime kernel/compat.c REDIR
+compat_sys_clock_gettime kernel/compat.c REDIR
+compat_sys_clock_getres kernel/compat.c REDIR
+compat_sys_clock_nanosleep kernel/compat.c REDIR
+compat_sys_statfs64 fs/compat.c CAP
+compat_sys_fstatfs64 fs/compat.c CAP
+sys_tgkill kernel/signal.c CAP
+compat_sys_utimes fs/compat.c REDIR
+sys32_fadvise64_64 arch/x86_64/ia32/sys_ia32.c REDIR
+quiet_ni_syscall ---
+sys_mbind mm/mempolicy.c CAP
+compat_sys_get_mempolicy mm/mempolicy.c REDIR
+sys_set_mempolicy mm/mempolicy.c CAP
+compat_sys_mq_open ipc/compat_mq.c REDIR
+sys_mq_unlink ipc/mqueue.c CAP
+compat_sys_mq_timedsend ipc/compat_mq.c REDIR
+compat_sys_mq_timedreceive ipc/compat_mq.c REDIR
+compat_sys_mq_notify ipc/compat_mq.c REDIR
+compat_sys_mq_getsetattr ipc/compat_mq.c REDIR
+compat_sys_kexec_load kernel/kexec.c REDIR
+compat_sys_waitid kernel/compat.c REDIR
+quiet_ni_syscall ---
+sys_add_key security/keys/keyctl.c CAP
+sys_request_key security/keys/keyctl.c CAP
+sys_keyctl security/keys/keyctl.c CAP
+sys_ioprio_set fs/ioprio.c CAP
+sys_ioprio_get fs/ioprio.c CAP
+sys_inotify_init fs/inotify_user.c CAP
+sys_inotify_add_watch fs/inotify_user.c CAP
+sys_inotify_rm_watch fs/inotify_user.c CAP
+sys_migrate_pages mm/mempolicy.c CAP
+compat_sys_openat fs/compat.c CAP
+sys_mkdirat fs/namei.c CAP
+sys_mknodat fs/namei.c CAP
+sys_fchownat fs/open.c CAP
+compat_sys_futimesat fs/compat.c CAP
+sys32_fstatat arch/x86_64/ia32/sys_ia32.c CAP
+sys_unlinkat fs/namei.c CAP
+sys_renameat fs/namei.c CAP
+sys_linkat fs/namei.c CAP
+sys_symlinkat fs/namei.c CAP
+sys_readlinkat fs/stat.c CAP
+sys_fchmodat fs/open.c CAP
+sys_faccessat fs/open.c CAP
+compat_sys_pselect6 OK
+compat_sys_ppoll OK
+sys_unshare kernel/fork.c CAP
+compat_sys_set_robust_list OK +compat_sys_get_robust_list OK +sys_splice fs/splice.c CAP +sys32_sync_file_range arch/x86_64/ia32/sys_ia32.c REDIR +sys_tee fs/splice.c CAP +compat_sys_vmsplice fs/compat.c REDIR +compat_sys_move_pages kernel/compat.c REDIR +sys_getcpu kernel/sys.c CAP +sys_epoll_pwait fs/eventpoll.c CAP +compat_sys_utimensat fs/compat.c CAP +compat_sys_signalfd fs/compat.c REDIR +compat_sys_timerfd fs/compat.c REDIR +sys_eventfd fs/eventfd.c CAP + +=== END OF SYSCALL TABLE === +*) The line number corresponds to syscall number + +Syscall 0: +sys_restart_syscall kernel/signal.c OK + +syscall table is in arch/x86_64/ia32/ia32entry.S diff -ruNp linux-2.6.18/fs/aio.c linux-2.6.18-cher1/fs/aio.c --- linux-2.6.18/fs/aio.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/aio.c 2007-08-04 11:30:52.000000000 +0400 @@ -1257,6 +1257,9 @@ asmlinkage long sys_io_setup(unsigned nr unsigned long ctx; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = get_user(ctx, ctxp); if (unlikely(ret)) goto out; @@ -1291,7 +1294,12 @@ out: */ asmlinkage long sys_io_destroy(aio_context_t ctx) { - struct kioctx *ioctx = lookup_ioctx(ctx); + struct kioctx *ioctx = 0; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ioctx = lookup_ioctx(ctx); if (likely(NULL != ioctx)) { io_destroy(ioctx); return 0; @@ -1566,6 +1574,9 @@ asmlinkage long sys_io_submit(aio_contex long ret = 0; int i; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (unlikely(nr < 0)) return -EINVAL; @@ -1643,6 +1654,9 @@ asmlinkage long sys_io_cancel(aio_contex u32 key; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = get_user(key, &iocb->aio_key); if (unlikely(ret)) return -EFAULT; 
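Review bot: `struct kioctx *ioctx = 0;` in the sys_io_destroy hunk initialises a pointer with the integer literal 0 where the kernel convention is `NULL`, and the same hunk's own `NULL != ioctx` comparison already uses the macro; make it `struct kioctx *ioctx = NULL;`. The same pattern recurs in the sys_io_getevents hunk, in sys_getcwd (`char *page = 0;`) and in sys_dup (`struct file * file = 0;`). Splitting the declaration from the lookup_ioctx() call is the right way to keep the new check ahead of any work, so only the initialiser needs to change.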
@@ -1702,9 +1716,13 @@ asmlinkage long sys_io_getevents(aio_con struct io_event __user *events, struct timespec __user *timeout) { - struct kioctx *ioctx = lookup_ioctx(ctx_id); + struct kioctx *ioctx = 0; long ret = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ioctx = lookup_ioctx(ctx_id); if (likely(ioctx)) { if (likely(min_nr <= nr && min_nr >= 0 && nr >= 0)) ret = read_events(ioctx, min_nr, nr, events, timeout); @@ -1719,3 +1737,9 @@ __initcall(aio_setup); EXPORT_SYMBOL(aio_complete); EXPORT_SYMBOL(aio_put_req); EXPORT_SYMBOL(wait_on_sync_kiocb); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/binfmt_aout.c linux-2.6.18-cher1/fs/binfmt_aout.c --- linux-2.6.18/fs/binfmt_aout.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/binfmt_aout.c 2007-08-04 11:30:52.000000000 +0400 @@ -287,8 +287,12 @@ static int load_aout_binary(struct linux rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; if (rlim >= RLIM_INFINITY) rlim = ~0; - if (ex.a_data + ex.a_bss > rlim) + if (ex.a_data + ex.a_bss > rlim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + } return -ENOMEM; + } /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); @@ -546,3 +550,9 @@ static void __exit exit_aout_binfmt(void core_initcall(init_aout_binfmt); module_exit(exit_aout_binfmt); MODULE_LICENSE("GPL"); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/binfmt_flat.c linux-2.6.18-cher1/fs/binfmt_flat.c --- linux-2.6.18/fs/binfmt_flat.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/binfmt_flat.c 2007-08-04 11:30:52.000000000 +0400 @@ -496,6 +496,9 @@ static int load_flat_file(struct linux_b if (rlim >= RLIM_INFINITY) rlim = ~0; if (data_len + bss_len > rlim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + } ret = -ENOMEM; goto err; } 
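Review bot: `current->sbox_flags |= SBOX_WAS_MEMLIMIT;` in load_aout_binary is a plain read-modify-write of a task field with no lock or atomic operation; if any other context (for instance a supervising task that sets the sandbox flags) can touch `sbox_flags` concurrently, the bit set here can be lost or can clobber theirs — that cannot be settled from this hunk alone, so the write should follow whatever locking the field's other writers use. The identical block appears in the load_flat_file hunk on this same line; a small helper, say `sbox_note_memlimit(void)`, would keep the two sites (and any further loaders that get the check) from drifting apart. The braces around the single statement also differ from the style of the surrounding code.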
@@ -921,3 +924,9 @@ core_initcall(init_flat_binfmt); module_exit(exit_flat_binfmt); /****************************************************************************/ + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/buffer.c linux-2.6.18-cher1/fs/buffer.c --- linux-2.6.18/fs/buffer.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/buffer.c 2007-08-04 11:30:52.000000000 +0400 @@ -3034,6 +3034,9 @@ asmlinkage long sys_bdflush(int func, lo { static int msg_count; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; diff -ruNp linux-2.6.18/fs/compat.c linux-2.6.18-cher1/fs/compat.c --- linux-2.6.18/fs/compat.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/compat.c 2007-08-04 11:38:17.000000000 +0400 @@ -77,6 +77,9 @@ asmlinkage long compat_sys_utime(char __ { struct timeval tv[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (t) { if (get_user(tv[0].tv_sec, &t->actime) || get_user(tv[1].tv_sec, &t->modtime)) @@ -91,6 +94,9 @@ asmlinkage long compat_sys_futimesat(uns { struct timeval tv[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (t) { if (get_user(tv[0].tv_sec, &t[0].tv_sec) || get_user(tv[0].tv_usec, &t[0].tv_usec) || @@ -110,8 +116,12 @@ asmlinkage long compat_sys_newstat(char struct compat_stat __user *statbuf) { struct kstat stat; - int error = vfs_stat_fd(AT_FDCWD, filename, &stat); + int error = 0; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_stat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); return error; 
@@ -121,8 +131,12 @@ asmlinkage long compat_sys_newlstat(char struct compat_stat __user *statbuf) { struct kstat stat; - int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); + int error = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_lstat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); return error; @@ -135,6 +149,9 @@ asmlinkage long compat_sys_newfstatat(un struct kstat stat; int error = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; @@ -155,8 +172,12 @@ asmlinkage long compat_sys_newfstat(unsi struct compat_stat __user * statbuf) { struct kstat stat; - int error = vfs_fstat(fd, &stat); + int error = 0; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_fstat(fd, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); return error; @@ -208,6 +229,9 @@ asmlinkage long compat_sys_statfs(const struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (!error) { struct kstatfs tmp; @@ -225,6 +249,9 @@ asmlinkage long compat_sys_fstatfs(unsig struct kstatfs tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) @@ -273,6 +300,9 @@ asmlinkage long compat_sys_statfs64(cons struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sz != sizeof(*buf)) return -EINVAL; @@ -293,6 +323,9 @@ asmlinkage long compat_sys_fstatfs64(uns struct kstatfs tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sz != sizeof(*buf)) return -EINVAL; @@ -391,6 +424,9 @@ asmlinkage long compat_sys_ioctl(unsigne struct ioctl_trans *t; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget_light(fd, &fput_needed); if (!filp) goto out; 
@@ -526,6 +562,9 @@ asmlinkage long compat_sys_fcntl64(unsig struct flock f; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (cmd) { case F_GETLK: case F_SETLK: @@ -591,6 +630,9 @@ asmlinkage long compat_sys_fcntl64(unsig asmlinkage long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((cmd == F_GETLK64) || (cmd == F_SETLK64) || (cmd == F_SETLKW64)) return -EINVAL; return compat_sys_fcntl64(fd, cmd, arg); @@ -602,6 +644,9 @@ compat_sys_io_setup(unsigned nr_reqs, u3 long ret; aio_context_t ctx64; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + mm_segment_t oldfs = get_fs(); if (unlikely(get_user(ctx64, ctx32p))) return -EFAULT; @@ -627,6 +672,9 @@ compat_sys_io_getevents(aio_context_t ct struct timespec t; struct timespec __user *ut = NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = -EFAULT; if (unlikely(!access_ok(VERIFY_WRITE, events, nr * sizeof(struct io_event)))) @@ -667,6 +715,9 @@ compat_sys_io_submit(aio_context_t ctx_i struct iocb __user * __user *iocb64; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (unlikely(nr < 0)) return -EINVAL; @@ -854,6 +905,9 @@ asmlinkage long compat_sys_mount(char __ char *dir_page; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = copy_mount_options (type, &type_page); if (retval < 0) goto out; @@ -950,6 +1004,9 @@ asmlinkage long compat_sys_old_readdir(u struct file *file; struct compat_readdir_callback buf; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) @@ -1025,6 +1082,9 @@ asmlinkage long compat_sys_getdents(unsi struct compat_getdents_callback buf; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; 
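Review bot: In compat_sys_io_setup the new check is placed before `mm_segment_t oldfs = get_fs();`, which turns that line into a declaration after a statement; the kernel builds with -Wdeclaration-after-statement, so this warns, and the other hunks in this patch (sys_io_destroy, compat_sys_newstat, compat_sys_newfstat) reorganised their declarations precisely to avoid it. Move the declaration above the check: `mm_segment_t oldfs = get_fs();` followed by `if ((current->sbox_flags & SBOX_NO_SYSCALLS)) return -EPERM;`. The function body continues outside the hunk.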
@@ -1117,6 +1177,9 @@ asmlinkage long compat_sys_getdents64(un struct compat_getdents_callback64 buf; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; @@ -1339,6 +1402,10 @@ compat_sys_vmsplice(int fd, const struct struct iovec *iov; if (nr_segs > UIO_MAXIOV) return -EINVAL; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + iov = compat_alloc_user_space(nr_segs * sizeof(struct iovec)); for (i = 0; i < nr_segs; i++) { struct compat_iovec v; @@ -1368,6 +1435,9 @@ compat_sys_open(const char __user *filen asmlinkage long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_sys_open(dfd, filename, flags, mode); } @@ -2170,6 +2240,9 @@ asmlinkage long compat_sys_nfsservctl(in mm_segment_t oldfs; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + karg = kmalloc(sizeof(*karg), GFP_USER); kres = kmalloc(sizeof(*kres), GFP_USER); if(!karg || !kres) { diff -ruNp linux-2.6.18/fs/dcache.c linux-2.6.18-cher1/fs/dcache.c --- linux-2.6.18/fs/dcache.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/dcache.c 2007-08-04 11:30:52.000000000 +0400 @@ -1513,8 +1513,12 @@ asmlinkage long sys_getcwd(char __user * int error; struct vfsmount *pwdmnt, *rootmnt; struct dentry *pwd, *root; - char *page = (char *) __get_free_page(GFP_USER); + char *page = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + page = (char *) __get_free_page(GFP_USER); if (!page) return -ENOMEM; diff -ruNp linux-2.6.18/fs/dcookies.c linux-2.6.18-cher1/fs/dcookies.c --- linux-2.6.18/fs/dcookies.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/dcookies.c 2007-08-04 11:30:52.000000000 +0400 @@ -23,6 +23,7 @@ #include #include #include +#include #include /* The dcookies are allocated from a kmem_cache and 
@@ -151,6 +152,9 @@ asmlinkage long sys_lookup_dcookie(u64 c size_t pathlen; struct dcookie_struct * dcs; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* we could leak path information to users * without dir read permission without this */ diff -ruNp linux-2.6.18/fs/eventpoll.c linux-2.6.18-cher1/fs/eventpoll.c --- linux-2.6.18/fs/eventpoll.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/eventpoll.c 2007-08-04 11:31:08.000000000 +0400 @@ -502,6 +502,9 @@ asmlinkage long sys_epoll_create(int siz struct inode *inode; struct file *file; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d)\n", current, size)); @@ -551,6 +554,9 @@ sys_epoll_ctl(int epfd, int op, int fd, struct epitem *epi; struct epoll_event epds; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_ctl(%d, %d, %d, %p)\n", current, epfd, op, fd, event)); @@ -653,6 +659,9 @@ asmlinkage long sys_epoll_wait(int epfd, struct file *file; struct eventpoll *ep; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_wait(%d, %p, %d, %d)\n", current, epfd, events, maxevents, timeout)); @@ -730,6 +739,9 @@ static int ep_getfd(int *efd, struct ino goto eexit_3; fd = error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* * Link the inode to a directory entry by creating a unique name * using the inode number. diff -ruNp linux-2.6.18/fs/exec.c linux-2.6.18-cher1/fs/exec.c --- linux-2.6.18/fs/exec.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/exec.c 2007-08-04 11:31:08.000000000 +0400 
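Review bot: The check added to ep_getfd sits after `fd = error;`, i.e. after a descriptor slot has already been obtained, and the bare `return -EPERM` bypasses the function's eexit_* labels, so that slot (and, presumably, the inode/file the caller prepared for it) leaks every time a sandboxed task reaches this point. The three epoll entry points in this file section (sys_epoll_create, sys_epoll_ctl, sys_epoll_wait) already refuse sandboxed callers before any allocation, so if they are ep_getfd's only callers this inner check is redundant and could simply be dropped; if it is kept, it belongs before the descriptor is obtained, or must release it with `put_unused_fd(fd)` and unwind through the existing labels. ep_getfd's start and the eexit_* labels are outside the hunk.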
@@ -127,6 +127,9 @@ asmlinkage long sys_uselib(const char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = __user_path_lookup_open(library, LOOKUP_FOLLOW, &nd, FMODE_READ|FMODE_EXEC); if (error) goto out; diff -ruNp linux-2.6.18/fs/fcntl.c linux-2.6.18-cher1/fs/fcntl.c --- linux-2.6.18/fs/fcntl.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/fcntl.c 2007-08-04 11:31:08.000000000 +0400 @@ -141,6 +141,9 @@ asmlinkage long sys_dup2(unsigned int ol struct files_struct * files = current->files; struct fdtable *fdt; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + spin_lock(&files->file_lock); if (!(file = fcheck(oldfd))) goto out_unlock; @@ -193,8 +196,12 @@ out_fput: asmlinkage long sys_dup(unsigned int fildes) { int ret = -EBADF; - struct file * file = fget(fildes); + struct file * file = 0; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + file = fget(fildes); if (file) ret = dupfd(file, 0); return ret; @@ -356,6 +363,9 @@ asmlinkage long sys_fcntl(unsigned int f struct file *filp; long err = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget(fd); if (!filp) goto out; @@ -379,6 +389,9 @@ asmlinkage long sys_fcntl64(unsigned int struct file * filp; long err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = -EBADF; filp = fget(fd); if (!filp) @@ -621,3 +634,9 @@ static int __init fasync_init(void) } module_init(fasync_init) + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/filesystems.c linux-2.6.18-cher1/fs/filesystems.c --- linux-2.6.18/fs/filesystems.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/filesystems.c 2007-08-04 11:31:08.000000000 +0400 
@@ -182,6 +182,9 @@ asmlinkage long sys_sysfs(int option, un { int retval = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (option) { case 1: retval = fs_index((const char __user *) arg1); diff -ruNp linux-2.6.18/fs/inotify_user.c linux-2.6.18-cher1/fs/inotify_user.c --- linux-2.6.18/fs/inotify_user.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/inotify_user.c 2007-08-04 11:31:08.000000000 +0400 @@ -539,6 +539,9 @@ asmlinkage long sys_inotify_init(void) struct file *filp; int fd, ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + fd = get_unused_fd(); if (fd < 0) return fd; @@ -611,6 +614,9 @@ asmlinkage long sys_inotify_add_watch(in int ret, fput_needed; unsigned flags = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget_light(fd, &fput_needed); if (unlikely(!filp)) return -EBADF; @@ -652,6 +658,9 @@ asmlinkage long sys_inotify_rm_watch(int struct inotify_device *dev; int ret, fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget_light(fd, &fput_needed); if (unlikely(!filp)) return -EBADF; diff -ruNp linux-2.6.18/fs/ioctl.c linux-2.6.18-cher1/fs/ioctl.c --- linux-2.6.18/fs/ioctl.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/ioctl.c 2007-08-04 11:31:08.000000000 +0400 @@ -162,6 +162,9 @@ asmlinkage long sys_ioctl(unsigned int f int error = -EBADF; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget_light(fd, &fput_needed); if (!filp) goto out; @@ -184,3 +187,9 @@ asmlinkage long sys_ioctl(unsigned int f #ifdef CONFIG_COMPAT EXPORT_SYMBOL(sys_ioctl); #endif + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/ioprio.c linux-2.6.18-cher1/fs/ioprio.c --- linux-2.6.18/fs/ioprio.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/ioprio.c 2007-08-04 11:41:55.000000000 +0400 
@@ -62,6 +62,9 @@ asmlinkage long sys_ioprio_set(int which struct user_struct *user; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (class) { case IOPRIO_CLASS_RT: if (!capable(CAP_SYS_ADMIN)) @@ -170,6 +173,9 @@ asmlinkage long sys_ioprio_get(int which int ret = -ESRCH; int tmpio; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + read_lock_irq(&tasklist_lock); switch (which) { case IOPRIO_WHO_PROCESS: diff -ruNp linux-2.6.18/fs/locks.c linux-2.6.18-cher1/fs/locks.c --- linux-2.6.18/fs/locks.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/locks.c 2007-08-04 11:31:08.000000000 +0400 @@ -1573,6 +1573,9 @@ asmlinkage long sys_flock(unsigned int f int can_sleep, unlock; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; filp = fget(fd); if (!filp) diff -ruNp linux-2.6.18/fs/namei.c linux-2.6.18-cher1/fs/namei.c --- linux-2.6.18/fs/namei.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/namei.c 2007-08-04 11:31:08.000000000 +0400 @@ -1833,6 +1833,9 @@ asmlinkage long sys_mknodat(int dfd, con struct dentry * dentry; struct nameidata nd; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (S_ISDIR(mode)) return -EPERM; tmp = getname(filename); @@ -1907,6 +1910,9 @@ asmlinkage long sys_mkdirat(int dfd, con int error = 0; char * tmp; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + tmp = getname(pathname); error = PTR_ERR(tmp); if (!IS_ERR(tmp)) { @@ -2042,6 +2048,9 @@ exit: asmlinkage long sys_rmdir(const char __user *pathname) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_rmdir(AT_FDCWD, pathname); } @@ -2130,6 +2139,9 @@ slashes: asmlinkage long sys_unlinkat(int dfd, const char __user *pathname, int flag) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_REMOVEDIR) != 0) return -EINVAL; 
@@ -2141,6 +2153,9 @@ asmlinkage long sys_unlinkat(int dfd, co asmlinkage long sys_unlink(const char __user *pathname) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_unlinkat(AT_FDCWD, pathname); } @@ -2172,6 +2187,9 @@ asmlinkage long sys_symlinkat(const char char * from; char * to; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + from = getname(oldname); if(IS_ERR(from)) return PTR_ERR(from); @@ -2260,6 +2278,9 @@ asmlinkage long sys_linkat(int olddfd, c int error; char * to; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flags & ~AT_SYMLINK_FOLLOW) != 0) return -EINVAL; @@ -2530,6 +2551,9 @@ asmlinkage long sys_renameat(int olddfd, char * from; char * to; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + from = getname(oldname); if(IS_ERR(from)) return PTR_ERR(from); @@ -2743,3 +2767,9 @@ EXPORT_SYMBOL(vfs_symlink); EXPORT_SYMBOL(vfs_unlink); EXPORT_SYMBOL(dentry_unhash); EXPORT_SYMBOL(generic_readlink); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/namespace.c linux-2.6.18-cher1/fs/namespace.c --- linux-2.6.18/fs/namespace.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/namespace.c 2007-08-04 11:31:08.000000000 +0400 @@ -642,6 +642,9 @@ asmlinkage long sys_umount(char __user * struct nameidata nd; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = __user_walk(name, LOOKUP_FOLLOW, &nd); if (retval) goto out; @@ -1556,6 +1559,9 @@ asmlinkage long sys_mount(char __user * unsigned long dev_page; char *dir_page; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = copy_mount_options(type, &type_page); if (retval < 0) return retval; 
@@ -1689,6 +1695,9 @@ asmlinkage long sys_pivot_root(const cha struct nameidata new_nd, old_nd, parent_nd, root_parent, user_nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -1881,3 +1890,9 @@ void __put_namespace(struct namespace *n release_mounts(&umount_list); kfree(namespace); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/nfsctl.c linux-2.6.18-cher1/fs/nfsctl.c --- linux-2.6.18/fs/nfsctl.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/nfsctl.c 2007-08-04 11:31:08.000000000 +0400 @@ -14,6 +14,7 @@ #include #include #include +#include #include /* @@ -94,6 +95,9 @@ asmlinkage sys_nfsservctl(int cmd, struc int version; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (copy_from_user(&version, &arg->ca_version, sizeof(int))) return -EFAULT; diff -ruNp linux-2.6.18/fs/open.c linux-2.6.18-cher1/fs/open.c --- linux-2.6.18/fs/open.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/open.c 2007-08-04 11:43:07.000000000 +0400 @@ -127,6 +127,9 @@ asmlinkage long sys_statfs(const char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (!error) { struct statfs tmp; @@ -144,6 +147,9 @@ asmlinkage long sys_statfs64(const char struct nameidata nd; long error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sz != sizeof(*buf)) return -EINVAL; error = user_path_walk(path, &nd); @@ -164,6 +170,9 @@ asmlinkage long sys_fstatfs(unsigned int struct statfs tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) @@ -182,6 +191,9 @@ asmlinkage long sys_fstatfs64(unsigned i struct statfs64 tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sz != sizeof(*buf)) return -EINVAL; 
@@ -226,6 +238,9 @@ static long do_sys_truncate(const char _ struct inode * inode; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EINVAL; if (length < 0) /* sorry, but loff_t says... */ goto out; @@ -293,6 +308,9 @@ static long do_sys_ftruncate(unsigned in struct file * file; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EINVAL; if (length < 0) goto out; @@ -496,6 +514,9 @@ asmlinkage long sys_faccessat(int dfd, c kernel_cap_t old_cap; int res; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ return -EINVAL; @@ -546,6 +567,9 @@ asmlinkage long sys_chdir(const char __u struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = __user_walk(filename, LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_CHDIR, &nd); if (error) @@ -571,6 +595,9 @@ asmlinkage long sys_fchdir(unsigned int struct vfsmount *mnt; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) @@ -598,6 +625,9 @@ asmlinkage long sys_chroot(const char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); if (error) goto out; @@ -627,6 +657,9 @@ asmlinkage long sys_fchmod(unsigned int int err = -EBADF; struct iattr newattrs; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + file = fget(fd); if (!file) goto out; @@ -664,6 +697,9 @@ asmlinkage long sys_fchmodat(int dfd, co int error; struct iattr newattrs; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW, &nd); if (error) goto out; 
@@ -736,6 +772,9 @@ asmlinkage long sys_chown(const char __u struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(filename, &nd); if (!error) { error = chown_common(nd.dentry, user, group); @@ -751,6 +790,9 @@ asmlinkage long sys_fchownat(int dfd, co int error = -EINVAL; int follow; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; @@ -769,6 +811,9 @@ asmlinkage long sys_lchown(const char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(filename, &nd); if (!error) { error = chown_common(nd.dentry, user, group); @@ -783,6 +828,9 @@ asmlinkage long sys_fchown(unsigned int struct file * file; int error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + file = fget(fd); if (file) { struct dentry * dentry; @@ -1081,6 +1129,17 @@ long do_sys_open(int dfd, const char __u char *tmp = getname(filename); int fd = PTR_ERR(tmp); + if (!IS_ERR(tmp) && (current->sbox_flags & SBOX_NO_SYSCALLS)) { + char *s = tmp; + while (s[0] == '.' && s[1] == '/') s += 2; + for (; *s && *s != '/'; s++); + if (*s == '/') { + putname(tmp); + return -EPERM; + } + flags &= ~(O_CREAT | O_EXCL); + } + if (!IS_ERR(tmp)) { fd = get_unused_fd(); if (fd >= 0) { @@ -1102,6 +1161,9 @@ asmlinkage long sys_open(const char __us { long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (force_o_largefile()) flags |= O_LARGEFILE; @@ -1200,6 +1262,9 @@ EXPORT_SYMBOL(sys_close); */ asmlinkage long sys_vhangup(void) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (capable(CAP_SYS_TTY_CONFIG)) { tty_vhangup(current->signal->tty); return 0; 
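Review bot: The path filter added to do_sys_open is a per-name string check, not a containment boundary: it rejects names containing `/` but accepts `..`, a symlink in the working directory, and any `dfd` other than AT_FDCWD, so traversal out of the cwd through `..` or a previously opened directory fd is not prevented, and sys_openat itself carries no SBOX_NO_SYSCALLS test while sys_open does. Only O_CREAT and O_EXCL are stripped, so O_WRONLY/O_TRUNC on existing files in the cwd remain allowed; if the intent is read-only the mask should say so. At minimum the `dfd` and `..` cases need explicit rejection (`if (dfd != AT_FDCWD) ...` before the scan, and the loop should refuse a `..` component), or the restriction should be expressed with a path-based mechanism (chroot, LSM hooks) rather than string inspection. do_sys_open continues outside the hunk.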
@@ -1233,3 +1298,9 @@ int nonseekable_open(struct inode *inode } EXPORT_SYMBOL(nonseekable_open); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/quota.c linux-2.6.18-cher1/fs/quota.c --- linux-2.6.18/fs/quota.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/quota.c 2007-08-04 11:31:08.000000000 +0400 @@ -351,6 +351,9 @@ asmlinkage long sys_quotactl(unsigned in char *tmp; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + cmds = cmd >> SUBCMDSHIFT; type = cmd & SUBCMDMASK; diff -ruNp linux-2.6.18/fs/readdir.c linux-2.6.18-cher1/fs/readdir.c --- linux-2.6.18/fs/readdir.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/readdir.c 2007-08-04 11:31:08.000000000 +0400 @@ -100,6 +100,9 @@ asmlinkage long old_readdir(unsigned int struct file * file; struct readdir_callback buf; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) @@ -180,6 +183,9 @@ asmlinkage long sys_getdents(unsigned in struct getdents_callback buf; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; @@ -266,6 +272,9 @@ asmlinkage long sys_getdents64(unsigned struct getdents_callback64 buf; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; @@ -298,3 +307,9 @@ out_putf: out: return error; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/read_write.c linux-2.6.18-cher1/fs/read_write.c --- linux-2.6.18/fs/read_write.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/read_write.c 2007-08-04 11:31:08.000000000 +0400 
@@ -131,6 +131,9 @@ asmlinkage off_t sys_lseek(unsigned int struct file * file; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = -EBADF; file = fget_light(fd, &fput_needed); if (!file) @@ -158,6 +161,9 @@ asmlinkage long sys_llseek(unsigned int loff_t offset; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = -EBADF; file = fget_light(fd, &fput_needed); if (!file) @@ -402,6 +408,12 @@ asmlinkage ssize_t sys_pwrite64(unsigned ssize_t ret = -EBADF; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (pos < 0) return -EINVAL; @@ -737,6 +749,9 @@ asmlinkage ssize_t sys_sendfile(int out_ off_t off; ssize_t ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (offset) { if (unlikely(get_user(off, offset))) return -EFAULT; @@ -755,6 +770,9 @@ asmlinkage ssize_t sys_sendfile64(int ou loff_t pos; ssize_t ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (offset) { if (unlikely(copy_from_user(&pos, offset, sizeof(loff_t)))) return -EFAULT; @@ -766,3 +784,9 @@ asmlinkage ssize_t sys_sendfile64(int ou return do_sendfile(out_fd, in_fd, NULL, count, 0); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/splice.c linux-2.6.18-cher1/fs/splice.c --- linux-2.6.18/fs/splice.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/splice.c 2007-08-04 11:31:12.000000000 +0400 @@ -1263,6 +1263,9 @@ asmlinkage long sys_vmsplice(int fd, con long error; int fput; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget_light(fd, &fput); if (file) { @@ -1283,6 +1286,9 @@ asmlinkage long sys_splice(int fd_in, lo struct file *in, *out; int fput_in, fput_out; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (unlikely(!len)) return 0; 
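Review bot: In the sys_pwrite64 hunk the SBOX_NO_SYSCALLS test appears twice in a row; the second `if ((current->sbox_flags & SBOX_NO_SYSCALLS)) return -EPERM;` is unreachable and should be dropped. This chunk gates pwrite64, sendfile and splice but shows no hunk for the plain read/write family, so the intended coverage of data-path syscalls is not recoverable from the patch and is worth stating in the enum comment.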
@@ -1507,6 +1513,9 @@ asmlinkage long sys_tee(int fdin, int fd struct file *in; int error, fput_in; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (unlikely(!len)) return 0; diff -ruNp linux-2.6.18/fs/stat.c linux-2.6.18-cher1/fs/stat.c --- linux-2.6.18/fs/stat.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/stat.c 2007-08-04 11:31:12.000000000 +0400 @@ -160,8 +160,12 @@ static int cp_old_stat(struct kstat *sta asmlinkage long sys_stat(char __user * filename, struct __old_kernel_stat __user * statbuf) { struct kstat stat; - int error = vfs_stat_fd(AT_FDCWD, filename, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_stat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_old_stat(&stat, statbuf); @@ -170,8 +174,12 @@ asmlinkage long sys_stat(char __user * f asmlinkage long sys_lstat(char __user * filename, struct __old_kernel_stat __user * statbuf) { struct kstat stat; - int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); + int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_lstat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_old_stat(&stat, statbuf); @@ -180,8 +188,12 @@ asmlinkage long sys_lstat(char __user * asmlinkage long sys_fstat(unsigned int fd, struct __old_kernel_stat __user * statbuf) { struct kstat stat; - int error = vfs_fstat(fd, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_fstat(fd, &stat); if (!error) error = cp_old_stat(&stat, statbuf); @@ -241,8 +253,12 @@ static int cp_new_stat(struct kstat *sta asmlinkage long sys_newstat(char __user *filename, struct stat __user *statbuf) { struct kstat stat; - int error = vfs_stat_fd(AT_FDCWD, filename, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_stat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_new_stat(&stat, statbuf); 
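Review bot: In sys_lstat the blank line separating the new check from the declarations is placed after the `return -EPERM;` instead of before it, unlike sys_stat and sys_fstat in the same file; the same inconsistency recurs in sys_newlstat and sys_lstat64 in the later hunks. Moving the blank line so each function reads `int error;` / blank / check / blank / `error = vfs_lstat_fd(AT_FDCWD, filename, &stat);` keeps the three stat families identical.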
@@ -252,8 +268,12 @@ asmlinkage long sys_newstat(char __user asmlinkage long sys_newlstat(char __user *filename, struct stat __user *statbuf) { struct kstat stat; - int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); + int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_lstat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_new_stat(&stat, statbuf); @@ -267,6 +287,9 @@ asmlinkage long sys_newfstatat(int dfd, struct kstat stat; int error = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; @@ -286,8 +309,12 @@ out: asmlinkage long sys_newfstat(unsigned int fd, struct stat __user *statbuf) { struct kstat stat; - int error = vfs_fstat(fd, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_fstat(fd, &stat); if (!error) error = cp_new_stat(&stat, statbuf); @@ -300,6 +327,9 @@ asmlinkage long sys_readlinkat(int dfd, struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (bufsiz <= 0) return -EINVAL; @@ -368,8 +398,12 @@ static long cp_new_stat64(struct kstat * asmlinkage long sys_stat64(char __user * filename, struct stat64 __user * statbuf) { struct kstat stat; - int error = vfs_stat(filename, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_stat(filename, &stat); if (!error) error = cp_new_stat64(&stat, statbuf); @@ -378,8 +412,12 @@ asmlinkage long sys_stat64(char __user * asmlinkage long sys_lstat64(char __user * filename, struct stat64 __user * statbuf) { struct kstat stat; - int error = vfs_lstat(filename, &stat); + int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_lstat(filename, &stat); if (!error) error = cp_new_stat64(&stat, statbuf); 
@@ -388,8 +426,12 @@ asmlinkage long sys_lstat64(char __user asmlinkage long sys_fstat64(unsigned long fd, struct stat64 __user * statbuf) { struct kstat stat; - int error = vfs_fstat(fd, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_fstat(fd, &stat); if (!error) error = cp_new_stat64(&stat, statbuf); @@ -402,6 +444,9 @@ asmlinkage long sys_fstatat64(int dfd, c struct kstat stat; int error = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; @@ -469,3 +514,9 @@ void inode_set_bytes(struct inode *inode } EXPORT_SYMBOL(inode_set_bytes); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/super.c linux-2.6.18-cher1/fs/super.c --- linux-2.6.18/fs/super.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/super.c 2007-08-04 11:31:12.000000000 +0400 @@ -490,6 +490,9 @@ asmlinkage long sys_ustat(unsigned dev, struct kstatfs sbuf; int err = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + s = user_get_super(new_decode_dev(dev)); if (s == NULL) goto out; @@ -884,3 +887,9 @@ struct vfsmount *kern_mount(struct file_ } EXPORT_SYMBOL(kern_mount); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/fs/sync.c linux-2.6.18-cher1/fs/sync.c --- linux-2.6.18/fs/sync.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/sync.c 2007-08-04 11:31:12.000000000 +0400 @@ -69,6 +69,9 @@ asmlinkage long sys_sync_file_range(int int fput_needed; umode_t i_mode; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = -EINVAL; if (flags & ~VALID_FLAGS) goto out; diff -ruNp linux-2.6.18/fs/xattr.c linux-2.6.18-cher1/fs/xattr.c --- linux-2.6.18/fs/xattr.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/fs/xattr.c 2007-08-04 11:31:19.000000000 +0400 
@@ -207,6 +207,9 @@ sys_setxattr(char __user *path, char __u struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (error) return error; @@ -222,6 +225,9 @@ sys_lsetxattr(char __user *path, char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(path, &nd); if (error) return error; @@ -238,6 +244,9 @@ sys_fsetxattr(int fd, char __user *name, struct dentry *dentry; int error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + f = fget(fd); if (!f) return error; @@ -292,6 +301,9 @@ sys_getxattr(char __user *path, char __u struct nameidata nd; ssize_t error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (error) return error; @@ -307,6 +319,9 @@ sys_lgetxattr(char __user *path, char __ struct nameidata nd; ssize_t error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(path, &nd); if (error) return error; @@ -321,6 +336,9 @@ sys_fgetxattr(int fd, char __user *name, struct file *f; ssize_t error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + f = fget(fd); if (!f) return error; @@ -376,6 +394,9 @@ sys_listxattr(char __user *path, char __ struct nameidata nd; ssize_t error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (error) return error; @@ -390,6 +411,9 @@ sys_llistxattr(char __user *path, char _ struct nameidata nd; ssize_t error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(path, &nd); if (error) return error; @@ -404,6 +428,9 @@ sys_flistxattr(int fd, char __user *list struct file *f; ssize_t error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + f = fget(fd); if (!f) return error; 
@@ -436,6 +463,9 @@ sys_removexattr(char __user *path, char struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (error) return error; @@ -450,6 +480,9 @@ sys_lremovexattr(char __user *path, char struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(path, &nd); if (error) return error; @@ -465,6 +498,9 @@ sys_fremovexattr(int fd, char __user *na struct dentry *dentry; int error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + f = fget(fd); if (!f) return error; @@ -602,3 +638,9 @@ EXPORT_SYMBOL(generic_getxattr); EXPORT_SYMBOL(generic_listxattr); EXPORT_SYMBOL(generic_setxattr); EXPORT_SYMBOL(generic_removexattr); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/include/asm-generic/resource.h linux-2.6.18-cher1/include/asm-generic/resource.h --- linux-2.6.18/include/asm-generic/resource.h 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/include/asm-generic/resource.h 2007-08-04 11:31:20.000000000 +0400 @@ -44,8 +44,9 @@ #define RLIMIT_NICE 13 /* max nice prio allowed to raise to 0-39 for nice level 19 .. -20 */ #define RLIMIT_RTPRIO 14 /* maximum realtime priority */ +#define RLIMIT_MCPU 15 /* millisecond cpu limit */ -#define RLIM_NLIMITS 15 +#define RLIM_NLIMITS 16 /* * SuS says limits have to be unsigned. @@ -86,6 +87,7 @@ [RLIMIT_MSGQUEUE] = { MQ_BYTES_MAX, MQ_BYTES_MAX }, \ [RLIMIT_NICE] = { 0, 0 }, \ [RLIMIT_RTPRIO] = { 0, 0 }, \ + [RLIMIT_MCPU] = { RLIM_INFINITY, RLIM_INFINITY }, \ } #endif /* __KERNEL__ */ diff -ruNp linux-2.6.18/include/linux/ptrace.h linux-2.6.18-cher1/include/linux/ptrace.h --- linux-2.6.18/include/linux/ptrace.h 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/include/linux/ptrace.h 2007-08-04 11:31:20.000000000 +0400 
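Review bot: RLIMIT_MCPU is introduced as slot 15 with RLIM_NLIMITS bumped, but nothing here says how the limit takes effect on an already running process; setrlimit has a special case that arms the CPU timer immediately for RLIMIT_CPU, and unless kernel/sys.c is patched elsewhere in the series (not visible in this chunk) an RLIMIT_MCPU set after the fact would only be honoured from the next fork via copy_signal. A comment on the define should state the unit and the interaction with RLIMIT_CPU, e.g. `/* millisecond cpu limit; enforced alongside RLIMIT_CPU, the tighter one fires first */`, since existing ulimit tooling knows nothing about slot 15.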
@@ -27,6 +27,9 @@ #define PTRACE_GETSIGINFO 0x4202 #define PTRACE_SETSIGINFO 0x4203 +#define PTRACE_MEMLIMIT 0x4280 +#define PTRACE_NO_SYSCALLS 0x4281 + /* options set using PTRACE_SETOPTIONS */ #define PTRACE_O_TRACESYSGOOD 0x00000001 #define PTRACE_O_TRACEFORK 0x00000002 diff -ruNp linux-2.6.18/include/linux/sched.h linux-2.6.18-cher1/include/linux/sched.h --- linux-2.6.18/include/linux/sched.h 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/include/linux/sched.h 2007-08-04 11:31:20.000000000 +0400 @@ -764,6 +764,14 @@ enum sleep_type { struct prio_array; +/* sandbox flags */ +enum { + SBOX_NO_SYSCALLS = 1, /* disable most "dangerous" syscalls */ + SBOX_NO_EXEC = 2, /* disable exec syscall */ + SBOX_MEMLIMITON = 4, /* enable memory limit check */ + SBOX_WAS_MEMLIMIT = 8, /* memory limit happened */ +}; + struct task_struct { volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ struct thread_info *thread_info; @@ -996,6 +1004,8 @@ struct task_struct { #ifdef CONFIG_TASK_DELAY_ACCT struct task_delay_info *delays; #endif + /* sandbox flags */ + int sbox_flags; }; static inline pid_t process_group(struct task_struct *tsk) diff -ruNp linux-2.6.18/ipc/mqueue.c linux-2.6.18-cher1/ipc/mqueue.c --- linux-2.6.18/ipc/mqueue.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/ipc/mqueue.c 2007-08-04 11:31:20.000000000 +0400 @@ -660,6 +660,9 @@ asmlinkage long sys_mq_open(const char _ char *name; int fd, error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = audit_mq_open(oflag, mode, u_attr); if (error != 0) return error; @@ -726,6 +729,9 @@ asmlinkage long sys_mq_unlink(const char struct dentry *dentry; struct inode *inode = NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + name = getname(u_name); if (IS_ERR(name)) return PTR_ERR(name); 
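Review bot: PTRACE_MEMLIMIT and PTRACE_NO_SYSCALLS are allocated in the ptrace request namespace although, per the ptrace.c hunk later in the series, they act on the calling task and never touch a tracee; a prctl(2) option would be the natural home and would not risk colliding with future upstream request numbers in the 0x42xx range. If they stay here, a comment such as `/* sandbox requests: apply to the caller, pid/addr/data ignored, irreversible */` should accompany the defines.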
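Review bot: The new `int sbox_flags` field in task_struct is only ever OR'ed into (sys_ptrace and sys_execve in this series) and never cleared, which is the right property for a sandbox but is not stated anywhere; presumably children inherit it through the task_struct copy on fork — confirm and document. Suggest expanding the enum comment to `/* sandbox flags: set on the calling task via PTRACE_MEMLIMIT / PTRACE_NO_SYSCALLS, inherited by children, never cleared */` and noting on the field that it is written only by `current`, which is why no lock is taken around the tests.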
@@ -821,6 +827,9 @@ asmlinkage long sys_mq_timedsend(mqd_t m long timeout; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout); if (ret != 0) return ret; @@ -907,6 +916,9 @@ asmlinkage ssize_t sys_mq_timedreceive(m struct mqueue_inode_info *info; struct ext_wait_queue wait; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout); if (ret != 0) return ret; @@ -990,6 +1002,9 @@ asmlinkage long sys_mq_notify(mqd_t mqde struct mqueue_inode_info *info; struct sk_buff *nc; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = audit_mq_notify(mqdes, u_notification); if (ret != 0) return ret; @@ -1112,6 +1127,9 @@ asmlinkage long sys_mq_getsetattr(mqd_t struct inode *inode; struct mqueue_inode_info *info; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (u_mqstat != NULL) { if (copy_from_user(&mqstat, u_mqstat, sizeof(struct mq_attr))) return -EFAULT; @@ -1283,3 +1301,9 @@ out_sysctl: } __initcall(init_mqueue_fs); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/ipc/msg.c linux-2.6.18-cher1/ipc/msg.c --- linux-2.6.18/ipc/msg.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/ipc/msg.c 2007-08-04 11:44:42.000000000 +0400 @@ -213,6 +213,9 @@ asmlinkage long sys_msgget(key_t key, in struct msg_queue *msq; int id, ret = -EPERM; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + mutex_lock(&msg_ids.mutex); if (key == IPC_PRIVATE) ret = newque(key, msgflg); @@ -342,6 +345,9 @@ asmlinkage long sys_msgctl(int msqid, in struct msg_queue *msq; int err, version; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (msqid < 0 || cmd < 0) return -EINVAL; 
@@ -583,6 +589,9 @@ sys_msgsnd(int msqid, struct msgbuf __us long mtype; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (msgsz > msg_ctlmax || (long) msgsz < 0 || msqid < 0) return -EINVAL; if (get_user(mtype, &msgp->mtype)) @@ -695,6 +704,9 @@ asmlinkage long sys_msgrcv(int msqid, st struct msg_msg *msg; int mode; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (msqid < 0 || (long) msgsz < 0) return -EINVAL; mode = convert_mode(&msgtyp, msgflg); diff -ruNp linux-2.6.18/ipc/sem.c linux-2.6.18-cher1/ipc/sem.c --- linux-2.6.18/ipc/sem.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/ipc/sem.c 2007-08-04 11:45:16.000000000 +0400 @@ -216,6 +216,9 @@ asmlinkage long sys_semget (key_t key, i int id, err = -EINVAL; struct sem_array *sma; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (nsems < 0 || nsems > sc_semmsl) return -EINVAL; mutex_lock(&sem_ids.mutex); @@ -873,6 +876,9 @@ asmlinkage long sys_semctl (int semid, i int err = -EINVAL; int version; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (semid < 0) return -EINVAL; @@ -1071,6 +1077,9 @@ asmlinkage long sys_semtimedop(int semid struct sem_queue queue; unsigned long jiffies_left = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (nsops < 1 || semid < 0) return -EINVAL; if (nsops > sc_semopm) diff -ruNp linux-2.6.18/ipc/shm.c linux-2.6.18-cher1/ipc/shm.c --- linux-2.6.18/ipc/shm.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/ipc/shm.c 2007-08-04 11:45:45.000000000 +0400 @@ -274,6 +274,9 @@ asmlinkage long sys_shmget (key_t key, s struct shmid_kernel *shp; int err, id = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + mutex_lock(&shm_ids.mutex); if (key == IPC_PRIVATE) { err = newseg(key, shmflg, size); 
@@ -431,6 +434,9 @@ asmlinkage long sys_shmctl (int shmid, i struct shmid_kernel *shp; int err, version; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (cmd < 0 || shmid < 0) { err = -EINVAL; goto out; @@ -807,6 +813,9 @@ asmlinkage long sys_shmat(int shmid, cha unsigned long ret; long err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = do_shmat(shmid, shmaddr, shmflg, &ret); if (err) return err; @@ -826,6 +835,9 @@ asmlinkage long sys_shmdt(char __user *s loff_t size = 0; int retval = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (addr & ~PAGE_MASK) return retval; diff -ruNp linux-2.6.18/kernel/acct.c linux-2.6.18-cher1/kernel/acct.c --- linux-2.6.18/kernel/acct.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/acct.c 2007-08-04 11:31:20.000000000 +0400 @@ -252,6 +252,9 @@ asmlinkage long sys_acct(const char __us { int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_PACCT)) return -EPERM; @@ -628,3 +631,9 @@ void acct_clear_integrals(struct task_st tsk->acct_rss_mem1 = 0; tsk->acct_vm_mem1 = 0; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/capability.c linux-2.6.18-cher1/kernel/capability.c --- linux-2.6.18/kernel/capability.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/capability.c 2007-08-04 11:31:20.000000000 +0400 @@ -49,6 +49,9 @@ asmlinkage long sys_capget(cap_user_head struct task_struct *target; struct __user_cap_data_struct data; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(version, &header->version)) return -EFAULT; 
@@ -176,6 +179,9 @@ asmlinkage long sys_capset(cap_user_head int ret; pid_t pid; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(version, &header->version)) return -EFAULT; diff -ruNp linux-2.6.18/kernel/compat.c linux-2.6.18-cher1/kernel/compat.c --- linux-2.6.18/kernel/compat.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/compat.c 2007-08-04 11:31:20.000000000 +0400 @@ -441,6 +441,9 @@ asmlinkage long compat_sys_sched_setaffi cpumask_t new_mask; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = compat_get_user_cpu_mask(user_mask_ptr, len, &new_mask); if (retval) return retval; @@ -456,6 +459,9 @@ asmlinkage long compat_sys_sched_getaffi unsigned long *k; unsigned int min_length = sizeof(cpumask_t); + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (NR_CPUS <= BITS_PER_COMPAT_LONG) min_length = sizeof(compat_ulong_t); @@ -749,6 +755,9 @@ compat_sys_rt_sigtimedwait (compat_sigse siginfo_t info; long ret, timeout = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sigsetsize != sizeof(sigset_t)) return -EINVAL; @@ -828,6 +837,9 @@ asmlinkage long compat_sys_stime(compat_ struct timespec tv; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(tv.tv_sec, tptr)) return -EFAULT; @@ -876,6 +888,9 @@ asmlinkage long compat_sys_adjtimex(stru struct timex txc; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + memset(&txc, 0, sizeof(struct timex)); if (!access_ok(VERIFY_READ, utp, sizeof(struct compat_timex)) || diff -ruNp linux-2.6.18/kernel/exec_domain.c linux-2.6.18-cher1/kernel/exec_domain.c --- linux-2.6.18/kernel/exec_domain.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/exec_domain.c 2007-08-04 11:31:20.000000000 +0400 
@@ -194,6 +194,9 @@ sys_personality(u_long personality) { u_long old = current->personality; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return old; + if (personality != 0xffffffff) { set_personality(personality); if (current->personality != personality) diff -ruNp linux-2.6.18/kernel/exit.c linux-2.6.18-cher1/kernel/exit.c --- linux-2.6.18/kernel/exit.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/exit.c 2007-08-04 11:31:20.000000000 +0400 @@ -1099,7 +1099,7 @@ static int wait_task_zombie(struct task_ { unsigned long state; int retval; - int status; + int status, status2; if (unlikely(noreap)) { pid_t pid = p->pid; @@ -1193,8 +1193,11 @@ static int wait_task_zombie(struct task_ retval = ru ? getrusage(p, RUSAGE_BOTH, ru) : 0; status = (p->signal->flags & SIGNAL_GROUP_EXIT) ? p->signal->group_exit_code : p->exit_code; + status2 = status; + if ((p->sbox_flags & SBOX_WAS_MEMLIMIT)) + status2 |= 0x10000; if (!retval && stat_addr) - retval = put_user(status, stat_addr); + retval = put_user(status2, stat_addr); if (!retval && infop) retval = put_user(SIGCHLD, &infop->si_signo); if (!retval && infop) @@ -1595,6 +1598,9 @@ asmlinkage long sys_waitid(int which, pi { long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (options & ~(WNOHANG|WNOWAIT|WEXITED|WSTOPPED|WCONTINUED)) return -EINVAL; if (!(options & (WEXITED|WSTOPPED|WCONTINUED))) @@ -1629,6 +1635,9 @@ asmlinkage long sys_wait4(pid_t pid, int { long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (options & ~(WNOHANG|WUNTRACED|WCONTINUED| __WNOTHREAD|__WCLONE|__WALL)) return -EINVAL; @@ -1651,3 +1660,9 @@ asmlinkage long sys_waitpid(pid_t pid, i } #endif + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/fork.c linux-2.6.18-cher1/kernel/fork.c --- linux-2.6.18/kernel/fork.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/fork.c 2007-08-04 11:31:20.000000000 +0400 
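Review bot: sys_personality under SBOX_NO_SYSCALLS returns `old` rather than -EPERM, unlike every other gated syscall in the series, so a sandboxed caller cannot distinguish a refused change from a successful one. If this is deliberate (so that a query-only personality(0xffffffff) keeps working) the special case deserves a comment, e.g. `/* sandboxed: report the current personality but refuse to change it */`; otherwise it should match the others.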
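Review bot: wait_task_zombie reports SBOX_WAS_MEMLIMIT by setting bit 16 of the wait status (`status2 |= 0x10000`), a magic number that should be a named constant defined next to the sandbox flags and documented as lying outside the POSIX wait-status layout, so only a parent that knows the convention can interpret it. The bit is set only on the zombie path; stopped and continued reports do not carry it, which is worth stating. wait_task_zombie starts before the hunk.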
@@ -872,7 +872,10 @@ static inline int copy_signal(unsigned l memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim); task_unlock(current->group_leader); - if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) { + if (sig->rlim[RLIMIT_MCPU].rlim_cur != RLIM_INFINITY) { + tsk->it_prof_expires = + msecs_to_cputime(sig->rlim[RLIMIT_MCPU].rlim_cur); + } else if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) { /* * New sole thread in the process gets an expiry time * of the whole CPU time limit. @@ -1210,6 +1213,7 @@ static struct task_struct *copy_process( !cputime_eq(current->signal->it_prof_expires, cputime_zero) || current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY || + current->signal->rlim[RLIMIT_MCPU].rlim_cur != RLIM_INFINITY || !list_empty(¤t->signal->cpu_timers[0]) || !list_empty(¤t->signal->cpu_timers[1]) || !list_empty(¤t->signal->cpu_timers[2])) { @@ -1347,6 +1351,9 @@ long do_fork(unsigned long clone_flags, struct pid *pid = alloc_pid(); long nr; + if (unlikely(current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!pid) return -EAGAIN; nr = pid->nr; @@ -1598,6 +1605,9 @@ asmlinkage long sys_unshare(unsigned lon struct files_struct *fd, *new_fd = NULL; struct sem_undo_list *new_ulist = NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + check_unshare_flags(&unshare_flags); /* Return -EINVAL for all unsupported flags */ @@ -1686,3 +1696,9 @@ bad_unshare_cleanup_thread: bad_unshare_out: return err; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/kexec.c linux-2.6.18-cher1/kernel/kexec.c --- linux-2.6.18/kernel/kexec.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/kexec.c 2007-08-04 11:31:20.000000000 +0400 
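Review bot: In copy_signal the RLIMIT_MCPU branch wins whenever the millisecond limit is finite, so when both RLIMIT_CPU and RLIMIT_MCPU are set the initial `it_prof_expires` comes from RLIMIT_MCPU even if RLIMIT_CPU is the tighter deadline; check_process_timers reconciles both later, but the first expiry can fall after the RLIMIT_CPU limit. Computing both candidate expiries and keeping the smaller with `cputime_lt` would match what check_process_timers does. The function and the rest of the branch are outside the hunk.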
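Review bot: The new early return in do_fork runs after `struct pid *pid = alloc_pid();` in the declarations, so every refused fork from a sandboxed task leaks the allocated pid. Either move the sandbox test ahead of the allocation (declare `pid` without an initializer and call alloc_pid() after the check) or release the pid on this path before returning -EPERM. sys_unshare in the next hunk places its check before any allocation and does not have this problem.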
@@ -919,6 +919,9 @@ asmlinkage long sys_kexec_load(unsigned int locked; int result; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* We only trust the superuser with rebooting the system. */ if (!capable(CAP_SYS_BOOT)) return -EPERM; diff -ruNp linux-2.6.18/kernel/module.c linux-2.6.18-cher1/kernel/module.c --- linux-2.6.18/kernel/module.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/module.c 2007-08-04 11:31:20.000000000 +0400 @@ -650,6 +650,9 @@ sys_delete_module(const char __user *nam char name[MODULE_NAME_LEN]; int ret, forced = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_MODULE)) return -EPERM; @@ -1881,6 +1884,9 @@ sys_init_module(void __user *umod, struct module *mod; int ret = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Must have permission */ if (!capable(CAP_SYS_MODULE)) return -EPERM; diff -ruNp linux-2.6.18/kernel/posix-cpu-timers.c linux-2.6.18-cher1/kernel/posix-cpu-timers.c --- linux-2.6.18/kernel/posix-cpu-timers.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/posix-cpu-timers.c 2007-08-04 11:31:20.000000000 +0400 @@ -630,6 +630,10 @@ static void arm_timer(struct k_itimer *t cputime_lt(p->signal->it_prof_expires, timer->it.cpu.expires.cpu)) break; + i = p->signal->rlim[RLIMIT_MCPU].rlim_cur; + if (i != RLIM_INFINITY && + i <= cputime_to_msecs(timer->it.cpu.expires.cpu)) + break; i = p->signal->rlim[RLIMIT_CPU].rlim_cur; if (i != RLIM_INFINITY && i <= cputime_to_secs(timer->it.cpu.expires.cpu)) @@ -1015,6 +1019,7 @@ static void check_process_timers(struct if (list_empty(&timers[CPUCLOCK_PROF]) && cputime_eq(sig->it_prof_expires, cputime_zero) && sig->rlim[RLIMIT_CPU].rlim_cur == RLIM_INFINITY && + sig->rlim[RLIMIT_MCPU].rlim_cur == RLIM_INFINITY && list_empty(&timers[CPUCLOCK_VIRT]) && cputime_eq(sig->it_virt_expires, cputime_zero) && list_empty(&timers[CPUCLOCK_SCHED])) 
@@ -1141,6 +1146,33 @@ static void check_process_timers(struct prof_expires = x; } } + if (sig->rlim[RLIMIT_MCPU].rlim_cur != RLIM_INFINITY) { + unsigned long psecs = cputime_to_msecs(ptime); + cputime_t x; + if (psecs >= sig->rlim[RLIMIT_MCPU].rlim_max) { + /* + * At the hard limit, we just die. + * No need to calculate anything else now. + */ + __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk); + return; + } + if (psecs >= sig->rlim[RLIMIT_MCPU].rlim_cur) { + /* + * At the soft limit, send a SIGXCPU every second. + */ + __group_send_sig_info(SIGXCPU, SEND_SIG_PRIV, tsk); + if (sig->rlim[RLIMIT_MCPU].rlim_cur + < sig->rlim[RLIMIT_MCPU].rlim_max) { + sig->rlim[RLIMIT_MCPU].rlim_cur++; + } + } + x = msecs_to_cputime(sig->rlim[RLIMIT_MCPU].rlim_cur); + if (cputime_eq(prof_expires, cputime_zero) || + cputime_lt(x, prof_expires)) { + prof_expires = x; + } + } if (!cputime_eq(prof_expires, cputime_zero) || !cputime_eq(virt_expires, cputime_zero) || @@ -1372,6 +1404,9 @@ void set_process_cpu_timer(struct task_s if (tsk->signal->rlim[RLIMIT_CPU].rlim_cur < cputime_to_secs(*newval)) return; + if (tsk->signal->rlim[RLIMIT_MCPU].rlim_cur + < cputime_to_msecs(*newval)) + return; } /* diff -ruNp linux-2.6.18/kernel/posix-timers.c linux-2.6.18-cher1/kernel/posix-timers.c --- linux-2.6.18/kernel/posix-timers.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/posix-timers.c 2007-08-04 11:31:20.000000000 +0400 @@ -442,6 +442,9 @@ sys_timer_create(const clockid_t which_c sigevent_t event; int it_id_set = IT_ID_NOT_SET; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; @@ -654,6 +657,9 @@ sys_timer_gettime(timer_t timer_id, stru struct itimerspec cur_setting; unsigned long flags; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + timr = lock_timer(timer_id, &flags); if (!timr) return -EINVAL; 
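Review bot: The RLIMIT_MCPU soft-limit branch in check_process_timers bumps `rlim_cur` by one under the comment "send a SIGXCPU every second", but rlim_cur is in milliseconds here, so the process is signalled on every pass over the soft limit (and `prof_expires` is re-armed one millisecond ahead each time) rather than once a second. Either advance rlim_cur by 1000, capped at rlim_max, or correct the comment to describe the actual rate; the local `psecs` holds milliseconds and `pmsecs` would be the honest name. check_process_timers starts before the hunk.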
@@ -684,6 +690,9 @@ sys_timer_getoverrun(timer_t timer_id) int overrun; long flags; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + timr = lock_timer(timer_id, &flags); if (!timr) return -EINVAL; @@ -757,6 +766,9 @@ sys_timer_settime(timer_t timer_id, int long flag; struct itimerspec *rtn = old_setting ? &old_spec : NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!new_setting) return -EINVAL; @@ -808,6 +820,9 @@ sys_timer_delete(timer_t timer_id) struct k_itimer *timer; long flags; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retry_delete: timer = lock_timer(timer_id, &flags); if (!timer) @@ -900,6 +915,9 @@ asmlinkage long sys_clock_settime(const { struct timespec new_tp; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; if (copy_from_user(&new_tp, tp, sizeof (*tp))) @@ -914,6 +932,9 @@ sys_clock_gettime(const clockid_t which_ struct timespec kernel_tp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; error = CLOCK_DISPATCH(which_clock, clock_get, @@ -931,6 +952,9 @@ sys_clock_getres(const clockid_t which_c struct timespec rtn_tp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; @@ -961,6 +985,9 @@ sys_clock_nanosleep(const clockid_t whic { struct timespec t; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; 
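Review bot: sys_clock_gettime and sys_clock_getres now return -EPERM for a sandboxed task, an errno neither call documents, and both are read-only queries that callers tend to treat as infallible. If the intent is to block only state-changing calls, these two (and sys_timer_gettime/sys_timer_getoverrun on the previous lines) could stay unhooked; if denying reads is deliberate, a comment at the first such hook would spare the next reader the question, e.g. `/* PTRACE_NO_SYSCALLS tasks may not even query clocks: refuse reads too */`. I cannot tell from this chunk whether a userspace shim maps the EPERM back to something the caller expects.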
@@ -973,3 +1000,9 @@ sys_clock_nanosleep(const clockid_t whic return CLOCK_DISPATCH(which_clock, nsleep, (which_clock, flags, &t, rmtp)); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/printk.c linux-2.6.18-cher1/kernel/printk.c --- linux-2.6.18/kernel/printk.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/printk.c 2007-08-04 11:31:20.000000000 +0400 @@ -318,6 +318,9 @@ asmlinkage long sys_syslog(int type, cha { int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((type == 2) || (type == 9)) { /* * These operation can also be invoked through /proc/kmsg, but diff -ruNp linux-2.6.18/kernel/ptrace.c linux-2.6.18-cher1/kernel/ptrace.c --- linux-2.6.18/kernel/ptrace.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/ptrace.c 2007-08-04 11:31:20.000000000 +0400 @@ -506,6 +506,18 @@ asmlinkage long sys_ptrace(long request, struct task_struct *child; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + if (request == PTRACE_MEMLIMIT) { + current->sbox_flags |= SBOX_MEMLIMITON; + return 0; + } + if (request == PTRACE_NO_SYSCALLS) { + current->sbox_flags |= SBOX_NO_SYSCALLS; + return 0; + } + /* * This lock_kernel fixes a subtle race with suid exec */ @@ -541,3 +553,9 @@ asmlinkage long sys_ptrace(long request, return ret; } #endif /* __ARCH_SYS_PTRACE */ + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/sched.c linux-2.6.18-cher1/kernel/sched.c --- linux-2.6.18/kernel/sched.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/sched.c 2007-08-04 11:31:20.000000000 +0400 @@ -3940,6 +3940,9 @@ asmlinkage long sys_nice(int increment) { long nice, retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* * Setpriority might change our priority at the same moment. * We don't have to worry. Conceptually one call occurs first 
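Review bot: The PTRACE_MEMLIMIT and PTRACE_NO_SYSCALLS branches in sys_ptrace sit after the new SBOX_NO_SYSCALLS check, so once a task has entered the no-syscalls state it can no longer turn on the memory limit; the two requests must be issued in that order, and nothing documents it. Since both flags are set on `current` and nothing in this patch clears them, a block comment above the two branches should say they are self-applied and irreversible and that PTRACE_MEMLIMIT has to precede PTRACE_NO_SYSCALLS. That comment is also the natural place to list which syscall entry points honour SBOX_NO_SYSCALLS, because the policy is a per-syscall denylist spread across many files and any entry point not hooked is silently allowed. The values of PTRACE_MEMLIMIT and PTRACE_NO_SYSCALLS are defined outside this chunk, so I cannot confirm from here that they do not collide with arch-specific request numbers. sys_ptrace continues outside the hunk.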
@@ -4177,6 +4180,9 @@ do_sched_setscheduler(pid_t pid, int pol asmlinkage long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* negative values for policy are not valid */ if (policy < 0) return -EINVAL; @@ -4191,6 +4197,9 @@ asmlinkage long sys_sched_setscheduler(p */ asmlinkage long sys_sched_setparam(pid_t pid, struct sched_param __user *param) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_sched_setscheduler(pid, -1, param); } @@ -4203,6 +4212,9 @@ asmlinkage long sys_sched_getscheduler(p struct task_struct *p; int retval = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (pid < 0) goto out_nounlock; @@ -4231,6 +4243,9 @@ asmlinkage long sys_sched_getparam(pid_t struct task_struct *p; int retval = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!param || pid < 0) goto out_nounlock; @@ -4326,6 +4341,9 @@ asmlinkage long sys_sched_setaffinity(pi cpumask_t new_mask; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = get_user_cpu_mask(user_mask_ptr, len, &new_mask); if (retval) return retval; @@ -4388,6 +4406,9 @@ asmlinkage long sys_sched_getaffinity(pi int ret; cpumask_t mask; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (len < sizeof(cpumask_t)) return -EINVAL; @@ -6882,3 +6903,9 @@ void set_curr_task(int cpu, struct task_ } #endif + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/signal.c linux-2.6.18-cher1/kernel/signal.c --- linux-2.6.18/kernel/signal.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/signal.c 2007-08-04 11:48:45.000000000 +0400 
@@ -1159,6 +1159,20 @@ EXPORT_SYMBOL_GPL(kill_proc_info_as_uid) static int kill_something_info(int sig, struct siginfo *info, int pid) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) { + if (pid != current->pid) { + return -EPERM; + } else if (!pid) { + pid = current->pid; + } else if (pid == -1) { + return -EPERM; + } else if (pid < 0 && current->signal->pgrp != -pid) { + return -EPERM; + } else if (pid < 0) { + pid = current->pid; + } + } + if (!pid) { return kill_pg_info(sig, info, process_group(current)); } else if (pid == -1) { @@ -1978,6 +1992,9 @@ sys_rt_sigprocmask(int how, sigset_t __u int error = -EINVAL; sigset_t old_set, new_set; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* XXX: Don't preclude handling different sized sigset_t's. */ if (sigsetsize != sizeof(sigset_t)) goto out; @@ -2035,6 +2052,9 @@ out: asmlinkage long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_sigpending(set, sigsetsize); } @@ -2114,6 +2134,9 @@ sys_rt_sigtimedwait(const sigset_t __use siginfo_t info; long timeout = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* XXX: Don't preclude handling different sized sigset_t's. */ if (sigsetsize != sizeof(sigset_t)) return -EINVAL; @@ -2238,6 +2261,9 @@ static int do_tkill(int tgid, int pid, i */ asmlinkage long sys_tgkill(int tgid, int pid, int sig) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* This is only valid for single tasks */ if (pid <= 0 || tgid <= 0) return -EINVAL; @@ -2251,6 +2277,9 @@ asmlinkage long sys_tgkill(int tgid, int asmlinkage long sys_tkill(int pid, int sig) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* This is only valid for single tasks */ if (pid <= 0) return -EINVAL; 
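Review bot: The new branch chain in kill_something_info is mostly dead: `if (pid != current->pid) return -EPERM;` is tested first, so the `!pid`, `pid == -1` and `pid < 0` branches below it can never run, since every value other than the caller's own pid has already returned -EPERM. If those branches express the intended policy (0 and the caller's own process group collapse to a self-signal, -1 and foreign groups are refused), the positive-pid test has to come last; the rewrite below does that and uses `process_group(current)` like the dispatch that follows instead of reading `current->signal->pgrp` directly. If instead only the caller's own pid should ever be allowed, delete the unreachable branches so the policy is visible at a glance. kill_something_info continues outside the hunk.
```c
	if ((current->sbox_flags & SBOX_NO_SYSCALLS)) {
		if (pid == -1)
			return -EPERM;
		if (pid < 0 && process_group(current) != -pid)
			return -EPERM;
		if (pid > 0 && pid != current->pid)
			return -EPERM;
		/* 0 and our own process group are narrowed to a self-signal */
		if (pid <= 0)
			pid = current->pid;
	}
	/* … unchanged: existing pid dispatch … */
```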
@@ -2263,6 +2292,9 @@ sys_rt_sigqueueinfo(int pid, int sig, si { siginfo_t info; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (copy_from_user(&info, uinfo, sizeof(siginfo_t))) return -EFAULT; @@ -2401,6 +2433,9 @@ out: asmlinkage long sys_sigpending(old_sigset_t __user *set) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_sigpending(set, sizeof(*set)); } @@ -2416,6 +2451,9 @@ sys_sigprocmask(int how, old_sigset_t __ int error; old_sigset_t old_set, new_set; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (set) { error = -EFAULT; if (copy_from_user(&new_set, set, sizeof(*set))) @@ -2507,6 +2545,9 @@ sys_ssetmask(int newmask) { int old; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + spin_lock_irq(¤t->sighand->siglock); old = current->blocked.sig[0]; @@ -2544,6 +2585,9 @@ sys_signal(int sig, __sighandler_t handl asmlinkage long sys_pause(void) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + current->state = TASK_INTERRUPTIBLE; schedule(); return -ERESTARTNOHAND; @@ -2556,6 +2600,9 @@ asmlinkage long sys_rt_sigsuspend(sigset { sigset_t newset; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* XXX: Don't preclude handling different sized sigset_t's. */ if (sigsetsize != sizeof(sigset_t)) return -EINVAL; @@ -2585,3 +2632,9 @@ void __init signals_init(void) __alignof__(struct sigqueue), SLAB_PANIC, NULL, NULL); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/sys.c linux-2.6.18-cher1/kernel/sys.c --- linux-2.6.18/kernel/sys.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/sys.c 2007-08-04 11:50:57.000000000 +0400 @@ -465,6 +465,9 @@ asmlinkage long sys_setpriority(int whic struct user_struct *user; int error = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (which > 2 || which < 0) goto out; 
@@ -525,6 +528,9 @@ asmlinkage long sys_getpriority(int whic struct user_struct *user; long niceval, retval = -ESRCH; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (which > 2 || which < 0) return -EINVAL; @@ -682,6 +688,9 @@ asmlinkage long sys_reboot(int magic1, i { char buffer[256]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* We only trust the superuser with rebooting the system. */ if (!capable(CAP_SYS_BOOT)) return -EPERM; @@ -805,6 +814,9 @@ asmlinkage long sys_setregid(gid_t rgid, int new_egid = old_egid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); if (retval) return retval; @@ -853,6 +865,9 @@ asmlinkage long sys_setgid(gid_t gid) int old_egid = current->egid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); if (retval) return retval; @@ -929,6 +944,9 @@ asmlinkage long sys_setreuid(uid_t ruid, int old_ruid, old_euid, old_suid, new_ruid, new_euid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); if (retval) return retval; @@ -993,6 +1011,9 @@ asmlinkage long sys_setuid(uid_t uid) int old_ruid, old_suid, new_ruid, new_suid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); if (retval) return retval; @@ -1034,6 +1055,9 @@ asmlinkage long sys_setresuid(uid_t ruid int old_suid = current->suid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); if (retval) return retval; 
@@ -1089,6 +1113,9 @@ asmlinkage long sys_setresgid(gid_t rgid { int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); if (retval) return retval; @@ -1145,6 +1172,9 @@ asmlinkage long sys_setfsuid(uid_t uid) { int old_fsuid; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + old_fsuid = current->fsuid; if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)) return old_fsuid; @@ -1176,6 +1206,9 @@ asmlinkage long sys_setfsgid(gid_t gid) { int old_fsgid; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + old_fsgid = current->fsgid; if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) return old_fsgid; @@ -1253,6 +1286,9 @@ asmlinkage long sys_setpgid(pid_t pid, p struct task_struct *group_leader = current->group_leader; int err = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!pid) pid = group_leader->pid; if (!pgid) @@ -1379,6 +1415,9 @@ asmlinkage long sys_setsid(void) pid_t session; int err = -EPERM; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + mutex_lock(&tty_mutex); write_lock_irq(&tasklist_lock); @@ -1621,6 +1660,9 @@ asmlinkage long sys_setgroups(int gidset struct group_info *group_info; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SETGID)) return -EPERM; if ((unsigned)gidsetsize > NGROUPS_MAX) @@ -1686,6 +1728,9 @@ asmlinkage long sys_sethostname(char __u int errno; char tmp[__NEW_UTS_LEN]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) @@ -1731,6 +1776,9 @@ asmlinkage long sys_setdomainname(char _ int errno; char tmp[__NEW_UTS_LEN]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) 
@@ -1788,8 +1836,12 @@ asmlinkage long sys_setrlimit(unsigned i { struct rlimit new_rlim, *old_rlim; unsigned long it_prof_secs; + unsigned long it_prof_msecs; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (resource >= RLIM_NLIMITS) return -EINVAL; if (copy_from_user(&new_rlim, rlim, sizeof(*rlim))) @@ -1811,6 +1863,25 @@ asmlinkage long sys_setrlimit(unsigned i *old_rlim = new_rlim; task_unlock(current->group_leader); + if (resource == RLIMIT_MCPU && new_rlim.rlim_cur != RLIM_INFINITY) { + it_prof_msecs = cputime_to_msecs(current->signal->it_prof_expires); + if (it_prof_msecs == 0 || new_rlim.rlim_cur <= it_prof_msecs) { + unsigned long rlim_cur = new_rlim.rlim_cur; + cputime_t cputime; + + if (rlim_cur == 0) { + rlim_cur = 1; + } + cputime = msecs_to_cputime(rlim_cur); + read_lock(&tasklist_lock); + spin_lock_irq(¤t->sighand->siglock); + set_process_cpu_timer(current, CPUCLOCK_PROF, &cputime, NULL); + spin_unlock_irq(¤t->sighand->siglock); + read_unlock(&tasklist_lock); + } + goto out; + } + if (resource != RLIMIT_CPU) goto out; @@ -1955,6 +2026,9 @@ asmlinkage long sys_getrusage(int who, s asmlinkage long sys_umask(int mask) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return current->fs->umask; + mask = xchg(¤t->fs->umask, mask & S_IRWXUGO); return mask; } @@ -1964,6 +2038,9 @@ asmlinkage long sys_prctl(int option, un { long error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = security_task_prctl(option, arg2, arg3, arg4, arg5); if (error) return error; @@ -2062,3 +2139,9 @@ asmlinkage long sys_prctl(int option, un } return error; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/sysctl.c linux-2.6.18-cher1/kernel/sysctl.c --- linux-2.6.18/kernel/sysctl.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/sysctl.c 2007-08-04 11:51:52.000000000 +0400 
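Review bot: `it_prof_msecs` is declared at the top of sys_setrlimit (first hunk on this line) but is used only inside the `resource == RLIMIT_MCPU` block; declaring it in that block next to `rlim_cur` and `cputime` keeps its scope honest and leaves the function's declarations untouched. The block is a millisecond transcription of the RLIMIT_CPU code beneath it, including the read of `it_prof_expires` outside the siglock, so a one-line comment such as `/* millisecond twin of the RLIMIT_CPU arming below; keep the two in step */` would tell a maintainer that a fix to one must be mirrored in the other. sys_setrlimit continues outside the hunk.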
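Review bot: sys_umask is the one hook in this patch that does not return -EPERM; it returns the current mask unchanged, and nothing says why. That is defensible, since umask(2) has no error return and a negative errno would be read as a mask, but the divergence from every other hook deserves a comment on the line: `/* umask(2) cannot fail; refuse by reporting the mask unchanged. */`. Readers of the other hooks will otherwise assume this one was missed.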
@@ -1188,6 +1188,9 @@ asmlinkage long sys_sysctl(struct __sysc struct __sysctl_args tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (copy_from_user(&tmp, args, sizeof(tmp))) return -EFAULT; diff -ruNp linux-2.6.18/kernel/time.c linux-2.6.18-cher1/kernel/time.c --- linux-2.6.18/kernel/time.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/time.c 2007-08-04 11:31:20.000000000 +0400 @@ -83,6 +83,9 @@ asmlinkage long sys_stime(time_t __user struct timespec tv; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(tv.tv_sec, tptr)) return -EFAULT; @@ -188,6 +191,9 @@ asmlinkage long sys_settimeofday(struct struct timespec new_ts; struct timezone new_tz; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (tv) { if (copy_from_user(&user_tv, tv, sizeof(*tv))) return -EFAULT; @@ -380,6 +386,9 @@ asmlinkage long sys_adjtimex(struct time struct timex txc; /* Local copy of parameter */ int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Copy the user data space into the kernel copy * structure. But bear in mind that the structures * may change @@ -660,3 +669,9 @@ EXPORT_SYMBOL(get_jiffies_64); #endif EXPORT_SYMBOL(jiffies); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/timer.c linux-2.6.18-cher1/kernel/timer.c --- linux-2.6.18/kernel/timer.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/timer.c 2007-08-04 11:52:55.000000000 +0400 @@ -1480,6 +1480,9 @@ asmlinkage long sys_sysinfo(struct sysin unsigned int mem_unit, bitcount; unsigned long seq; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + memset((char *)&val, 0, sizeof(struct sysinfo)); do { 
@@ -1910,3 +1913,9 @@ unsigned long msleep_interruptible(unsig } EXPORT_SYMBOL(msleep_interruptible); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/kernel/uid16.c linux-2.6.18-cher1/kernel/uid16.c --- linux-2.6.18/kernel/uid16.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/kernel/uid16.c 2007-08-04 11:31:20.000000000 +0400 @@ -189,6 +189,9 @@ asmlinkage long sys_setgroups16(int gids struct group_info *group_info; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SETGID)) return -EPERM; if ((unsigned)gidsetsize > NGROUPS_MAX) @@ -228,3 +231,9 @@ asmlinkage long sys_getegid16(void) { return high2lowgid(current->egid); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/mm/filemap.c linux-2.6.18-cher1/mm/filemap.c --- linux-2.6.18/mm/filemap.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/filemap.c 2007-08-04 11:31:20.000000000 +0400 @@ -1290,6 +1290,9 @@ asmlinkage ssize_t sys_readahead(int fd, ssize_t ret; struct file *file; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = -EBADF; file = fget(fd); if (file) { diff -ruNp linux-2.6.18/mm/madvise.c linux-2.6.18-cher1/mm/madvise.c --- linux-2.6.18/mm/madvise.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/madvise.c 2007-08-04 11:53:29.000000000 +0400 @@ -261,6 +261,9 @@ asmlinkage long sys_madvise(unsigned lon int error = -EINVAL; size_t len; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + down_write(¤t->mm->mmap_sem); if (start & ~PAGE_MASK) diff -ruNp linux-2.6.18/mm/mempolicy.c linux-2.6.18-cher1/mm/mempolicy.c --- linux-2.6.18/mm/mempolicy.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/mempolicy.c 2007-08-04 11:31:20.000000000 +0400 
@@ -874,6 +874,9 @@ asmlinkage long sys_mbind(unsigned long nodemask_t nodes; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = get_nodes(&nodes, nmask, maxnode); if (err) return err; @@ -887,6 +890,9 @@ asmlinkage long sys_set_mempolicy(int mo int err; nodemask_t nodes; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (mode < 0 || mode > MPOL_MAX) return -EINVAL; err = get_nodes(&nodes, nmask, maxnode); @@ -906,6 +912,9 @@ asmlinkage long sys_migrate_pages(pid_t nodemask_t task_nodes; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = get_nodes(&old, old_nodes, maxnode); if (err) return err; @@ -968,6 +977,9 @@ asmlinkage long sys_get_mempolicy(int __ int err, pval; nodemask_t nodes; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (nmask != NULL && maxnode < MAX_NUMNODES) return -EINVAL; @@ -997,6 +1009,9 @@ asmlinkage long compat_sys_get_mempolicy unsigned long nr_bits, alloc_size; DECLARE_BITMAP(bm, MAX_NUMNODES); + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES); alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; @@ -1023,6 +1038,9 @@ asmlinkage long compat_sys_set_mempolicy unsigned long nr_bits, alloc_size; DECLARE_BITMAP(bm, MAX_NUMNODES); + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES); alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; @@ -1047,6 +1065,9 @@ asmlinkage long compat_sys_mbind(compat_ unsigned long nr_bits, alloc_size; nodemask_t bm; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES); alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; 
@@ -1901,3 +1922,8 @@ out: return 0; } +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/mm/migrate.c linux-2.6.18-cher1/mm/migrate.c --- linux-2.6.18/mm/migrate.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/migrate.c 2007-08-04 11:31:20.000000000 +0400 @@ -871,6 +871,9 @@ asmlinkage long sys_move_pages(pid_t pid struct mm_struct *mm; struct page_to_node *pm = NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Check flags */ if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL)) return -EINVAL; diff -ruNp linux-2.6.18/mm/mincore.c linux-2.6.18-cher1/mm/mincore.c --- linux-2.6.18/mm/mincore.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/mincore.c 2007-08-04 11:54:04.000000000 +0400 @@ -116,6 +116,9 @@ asmlinkage long sys_mincore(unsigned lon unsigned long pages; unsigned char *tmp; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Check the start address: needs to be page-aligned.. */ if (start & ~PAGE_CACHE_MASK) return -EINVAL; diff -ruNp linux-2.6.18/mm/mlock.c linux-2.6.18-cher1/mm/mlock.c --- linux-2.6.18/mm/mlock.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/mlock.c 2007-08-04 11:31:20.000000000 +0400 @@ -127,6 +127,9 @@ asmlinkage long sys_mlock(unsigned long unsigned long lock_limit; int error = -ENOMEM; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!can_do_mlock()) return -EPERM; @@ -151,6 +154,9 @@ asmlinkage long sys_munlock(unsigned lon { int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + down_write(¤t->mm->mmap_sem); len = PAGE_ALIGN(len + (start & ~PAGE_MASK)); start &= PAGE_MASK; @@ -189,6 +195,9 @@ asmlinkage long sys_mlockall(int flags) unsigned long lock_limit; int ret = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!flags || (flags & ~(MCL_CURRENT | MCL_FUTURE))) goto out; 
@@ -214,6 +223,9 @@ asmlinkage long sys_munlockall(void) { int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + down_write(¤t->mm->mmap_sem); ret = do_mlockall(0); up_write(¤t->mm->mmap_sem); @@ -252,3 +264,9 @@ void user_shm_unlock(size_t size, struct spin_unlock(&shmlock_user_lock); free_uid(user); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/mm/mmap.c linux-2.6.18-cher1/mm/mmap.c --- linux-2.6.18/mm/mmap.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/mmap.c 2007-08-04 11:31:20.000000000 +0400 @@ -244,8 +244,13 @@ asmlinkage unsigned long sys_brk(unsigne * not page aligned -Ram Gupta */ rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; - if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim) + if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + send_sig(SIGKILL, current, 0); + } goto out; + } newbrk = PAGE_ALIGN(brk); oldbrk = PAGE_ALIGN(mm->brk); @@ -1479,8 +1484,13 @@ static int acct_stack_growth(struct vm_a return -ENOMEM; /* Stack limit test */ - if (size > rlim[RLIMIT_STACK].rlim_cur) + if (size > rlim[RLIMIT_STACK].rlim_cur) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + send_sig(SIGKILL, current, 0); + } return -ENOMEM; + } /* mlock limit tests */ if (vma->vm_flags & VM_LOCKED) { 
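Review bot: The same four-line SBOX_MEMLIMITON block is pasted into sys_brk and acct_stack_growth here and into may_expand_vm on the next line; a single static helper in mmap.c keeps the three rlimit sites identical and gives the policy one place to be documented. The helper below preserves the behaviour exactly (flag set, then SIGKILL to `current`) and each site becomes a one-line call before its existing `goto out`, `return -ENOMEM` or `return 0`. Both acct_stack_growth and may_expand_vm already charge `current`'s rlimits, so killing `current` is consistent with the existing accounting; I cannot tell from here who consumes SBOX_WAS_MEMLIMIT afterwards, so the helper's comment hedges that.
```c
/*
 * A sandboxed task (SBOX_MEMLIMITON) that exceeds a memory rlimit is
 * killed outright; SBOX_WAS_MEMLIMIT records why, presumably for a
 * supervisor to read back -- confirm against the consumer.
 */
static void sbox_memlimit_exceeded(void)
{
	if (current->sbox_flags & SBOX_MEMLIMITON) {
		current->sbox_flags |= SBOX_WAS_MEMLIMIT;
		send_sig(SIGKILL, current, 0);
	}
}

/* … unchanged: sys_brk up to the RLIMIT_DATA test … */
	if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim) {
		sbox_memlimit_exceeded();
		goto out;
	}
```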
@@ -2083,7 +2093,18 @@ int may_expand_vm(struct mm_struct *mm, lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; - if (cur + npages > lim) + if (cur + npages > lim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + send_sig(SIGKILL, current, 0); + } return 0; + } return 1; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.18/mm/mprotect.c linux-2.6.18-cher1/mm/mprotect.c --- linux-2.6.18/mm/mprotect.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/mprotect.c 2007-08-04 11:31:20.000000000 +0400 @@ -210,6 +210,10 @@ sys_mprotect(unsigned long start, size_t struct vm_area_struct *vma, *prev; int error = -EINVAL; const int grows = prot & (PROT_GROWSDOWN|PROT_GROWSUP); + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + prot &= ~(PROT_GROWSDOWN|PROT_GROWSUP); if (grows == (PROT_GROWSDOWN|PROT_GROWSUP)) /* can't be both */ return -EINVAL; diff -ruNp linux-2.6.18/mm/mremap.c linux-2.6.18-cher1/mm/mremap.c --- linux-2.6.18/mm/mremap.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/mremap.c 2007-08-04 11:31:20.000000000 +0400 @@ -408,6 +408,9 @@ asmlinkage unsigned long sys_mremap(unsi { unsigned long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + down_write(¤t->mm->mmap_sem); ret = do_mremap(addr, old_len, new_len, flags, new_addr); up_write(¤t->mm->mmap_sem); diff -ruNp linux-2.6.18/mm/swapfile.c linux-2.6.18-cher1/mm/swapfile.c --- linux-2.6.18/mm/swapfile.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/mm/swapfile.c 2007-08-04 11:31:20.000000000 +0400 @@ -1146,6 +1146,9 @@ asmlinkage long sys_swapoff(const char _ int i, type, prev; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; 
@@ -1384,6 +1387,9 @@ asmlinkage long sys_swapon(const char __ struct inode *inode = NULL; int did_down = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; spin_lock(&swap_lock); diff -ruNp linux-2.6.18/net/compat.c linux-2.6.18-cher1/net/compat.c --- linux-2.6.18/net/compat.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/net/compat.c 2007-08-04 11:55:19.000000000 +0400 @@ -476,6 +476,9 @@ asmlinkage long compat_sys_setsockopt(in int err; struct socket *sock; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (level == SOL_IPV6 && optname == IPT_SO_SET_REPLACE) return do_netfilter_replace(fd, level, optname, optval, optlen); @@ -567,6 +570,9 @@ asmlinkage long compat_sys_getsockopt(in int err; struct socket *sock; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((sock = sockfd_lookup(fd, &err))!=NULL) { err = security_socket_getsockopt(sock, level, @@ -612,6 +618,9 @@ asmlinkage long compat_sys_socketcall(in u32 a[6]; u32 a0, a1; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (call < SYS_SOCKET || call > SYS_RECVMSG) return -EINVAL; if (copy_from_user(a, args, nas[call])) diff -ruNp linux-2.6.18/net/socket.c linux-2.6.18-cher1/net/socket.c --- linux-2.6.18/net/socket.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/net/socket.c 2007-08-04 11:56:32.000000000 +0400 @@ -1241,6 +1241,9 @@ asmlinkage long sys_socket(int family, i int retval; struct socket *sock; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = sock_create(family, type, protocol, &sock); if (retval < 0) goto out; @@ -1267,6 +1270,9 @@ asmlinkage long sys_socketpair(int famil struct socket *sock1, *sock2; int fd1, fd2, err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* * Obtain the first socket and check if the underlying protocol * supports the socketpair call. 
@@ -1338,6 +1344,9 @@ asmlinkage long sys_bind(int fd, struct char address[MAX_SOCK_ADDR]; int err, fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if((sock = sockfd_lookup_light(fd, &err, &fput_needed))!=NULL) { if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) { @@ -1365,6 +1374,9 @@ asmlinkage long sys_listen(int fd, int b struct socket *sock; int err, fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((sock = sockfd_lookup_light(fd, &err, &fput_needed)) != NULL) { if ((unsigned) backlog > sysctl_somaxconn) backlog = sysctl_somaxconn; @@ -1398,6 +1410,9 @@ asmlinkage long sys_accept(int fd, struc int err, len, newfd, fput_needed; char address[MAX_SOCK_ADDR]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; @@ -1480,6 +1495,18 @@ asmlinkage long sys_connect(int fd, stru char address[MAX_SOCK_ADDR]; int err, fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; @@ -1510,6 +1537,9 @@ asmlinkage long sys_getsockname(int fd, char address[MAX_SOCK_ADDR]; int len, err, fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; @@ -1540,6 +1570,9 @@ asmlinkage long sys_getpeername(int fd, char address[MAX_SOCK_ADDR]; int len, err, fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((sock = sockfd_lookup_light(fd, &err, &fput_needed)) != NULL) { err = security_socket_getpeername(sock); if (err) { 
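Review bot: The SBOX_NO_SYSCALLS check in sys_connect is repeated four times back to back; the last three copies are unreachable and should be deleted, leaving one `if ((current->sbox_flags & SBOX_NO_SYSCALLS)) return -EPERM;` above the sockfd_lookup_light call. The same duplication appears in sys_sendmsg (next line) and sys_recvmsg (the line after), where the check runs once at function entry and again after the msghdr has been copied in. As far as this patch shows, `sbox_flags` is only ever modified by the task itself, so the second test cannot observe a different value and only the entry check is needed.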
@@ -1572,6 +1605,9 @@ asmlinkage long sys_sendto(int fd, void int fput_needed; struct file *sock_file; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + sock_file = fget_light(fd, &fput_needed); if (!sock_file) return -EBADF; @@ -1630,6 +1666,9 @@ asmlinkage long sys_recvfrom(int fd, voi struct file *sock_file; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + sock_file = fget_light(fd, &fput_needed); if (!sock_file) return -EBADF; @@ -1680,6 +1719,9 @@ asmlinkage long sys_setsockopt(int fd, i int err, fput_needed; struct socket *sock; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (optlen < 0) return -EINVAL; @@ -1709,6 +1751,9 @@ asmlinkage long sys_getsockopt(int fd, i int err, fput_needed; struct socket *sock; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((sock = sockfd_lookup_light(fd, &err, &fput_needed)) != NULL) { err = security_socket_getsockopt(sock, level, optname); if (err) @@ -1734,6 +1779,9 @@ asmlinkage long sys_shutdown(int fd, int int err, fput_needed; struct socket *sock; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((sock = sockfd_lookup_light(fd, &err, &fput_needed))!=NULL) { err = security_socket_shutdown(sock, how); @@ -1770,6 +1818,9 @@ asmlinkage long sys_sendmsg(int fd, stru int err, ctl_len, iov_size, total_len; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = -EFAULT; if (MSG_CMSG_COMPAT & flags) { if (get_compat_msghdr(&msg_sys, msg_compat)) @@ -1777,6 +1828,9 @@ asmlinkage long sys_sendmsg(int fd, stru } else if (copy_from_user(&msg_sys, msg, sizeof(struct msghdr))) return -EFAULT; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; 
@@ -1872,6 +1926,9 @@ asmlinkage long sys_recvmsg(int fd, stru struct sockaddr __user *uaddr; int __user *uaddr_len; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (MSG_CMSG_COMPAT & flags) { if (get_compat_msghdr(&msg_sys, msg_compat)) return -EFAULT; @@ -1879,6 +1936,9 @@ asmlinkage long sys_recvmsg(int fd, stru if (copy_from_user(&msg_sys,msg,sizeof(struct msghdr))) return -EFAULT; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; @@ -1974,6 +2034,9 @@ asmlinkage long sys_socketcall(int call, unsigned long a0,a1; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if(call<1||call>SYS_RECVMSG) return -EINVAL; diff -ruNp linux-2.6.18/security/keys/keyctl.c linux-2.6.18-cher1/security/keys/keyctl.c --- linux-2.6.18/security/keys/keyctl.c 2006-09-20 07:42:06.000000000 +0400 +++ linux-2.6.18-cher1/security/keys/keyctl.c 2007-08-04 11:31:20.000000000 +0400 @@ -63,6 +63,9 @@ asmlinkage long sys_add_key(const char _ void *payload; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = -EINVAL; if (plen > 32767) goto error; @@ -143,6 +146,9 @@ asmlinkage long sys_request_key(const ch char type[32], *description, *callout_info; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* pull the type into kernel space */ ret = key_get_type_from_user(type, _type, sizeof(type)); if (ret < 0) @@ -1062,6 +1068,9 @@ error: asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (option) { case KEYCTL_GET_KEYRING_ID: return keyctl_get_keyring_ID((key_serial_t) arg2,