diff -ruNp linux-2.6.22.10/Makefile linux-2.6.22.10-cher1/Makefile
--- linux-2.6.22.10/Makefile 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/Makefile 2007-10-21 02:05:32.000000000 +0400
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 6
 SUBLEVEL = 22
-EXTRAVERSION = .10
+EXTRAVERSION = .10-cher1
 NAME = Holy Dancing Manatees, Batman!
 
 # *DOCUMENTATION*
diff -ruNp linux-2.6.22.10/arch/i386/SYSCALLS.i386 linux-2.6.22.10-cher1/arch/i386/SYSCALLS.i386
--- linux-2.6.22.10/arch/i386/SYSCALLS.i386 1970-01-01 03:00:00.000000000 +0300
+++ linux-2.6.22.10-cher1/arch/i386/SYSCALLS.i386 2007-10-21 02:05:19.000000000 +0400
@@ -0,0 +1,334 @@ +sys_exit OK +sys_fork arch/i386/kernel/process.c * CAP +sys_read OK +sys_write OK +sys_open fs/open.c CAP +sys_close fs/open.c OK +sys_waitpid kernel/exit.c CAP +sys_creat fs/open.c CAP +sys_link fs/namei.c REDIR +sys_unlink fs/namei.c CAP +sys_execve arch/i386/kernel/process.c CAP +sys_chdir fs/open.c CAP +sys_time OK +sys_mknod fs/namei.c REDIR +sys_chmod fs/open.c CAP +sys_lchown16 kernel/uid16.c REDIR +sys_ni_syscall --- +sys_stat fs/stat.c CAP +sys_lseek fs/read_write.c CAP +sys_getpid kernel/timer.c OK +sys_mount fs/namespace.c CAP +sys_oldumount fs/namespace.c REDIR +sys_setuid16 kernel/uid16.c REDIR +sys_getuid16 kernel/uid16.c OK +sys_stime kernel/time.c CAP +sys_ptrace kernel/ptrace.c CAP +sys_alarm kernel/timer.c OK +sys_fstat fs/stat.c CAP +sys_pause kernel/signal.c CAP +sys_utime fs/utimes.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_access fs/open.c CAP +sys_nice kernel/sched.c CAP +sys_ni_syscall --- +sys_sync fs/sync.c CAP +sys_kill kernel/signal.c CAP +sys_rename fs/namei.c REDIR +sys_mkdir fs/namei.c REDIR +sys_rmdir fs/namei.c CAP +sys_dup fs/fcntl.c CAP +sys_pipe arch/i386/kernel/sys_i386.c CAP +sys_times OK +sys_ni_syscall --- +sys_brk OK +sys_setgid16 kernel/uid16.c REDIR +sys_getgid16 kernel/uid16.c OK +sys_signal kernel/signal.c OK +sys_geteuid16 kernel/uid16.c OK +sys_getegid16 kernel/uid16.c OK +sys_acct kernel/acct.c CAP +sys_umount fs/namespace.c CAP +sys_ni_syscall --- +sys_ioctl fs/ioctl.c CAP +sys_fcntl fs/fcntl.c CAP +sys_ni_syscall --- +sys_setpgid kernel/sys.c CAP +sys_ni_syscall --- +sys_olduname arch/i386/kernel/sys_i386.c OK +sys_umask kernel/sys.c CAP +sys_chroot fs/open.c CAP +sys_ustat fs/super.c CAP +sys_dup2 fs/fcntl.c CAP +sys_getppid kernel/timer.c OK +sys_getpgrp kernel/sys.c OK +sys_setsid kernel/sys.c CAP +sys_sigaction arch/i386/kernel/signal.c OK +sys_sgetmask kernel/signal.c OK +sys_ssetmask kernel/signal.c CAP +sys_setreuid16 kernel/uid16.c REDIR +sys_setregid16 kernel/uid16.c REDIR 
+sys_sigsuspend arch/i386/kernel/signal.c CAP +sys_sigpending kernel/signal.c CAP +sys_sethostname kernel/sys.c CAP +sys_setrlimit kernel/sys.c CAP +sys_old_getrlimit kernel/sys.c OK +sys_getrusage kernel/sys.c OK +sys_gettimeofday kernel/time.c OK +sys_settimeofday kernel/time.c CAP +sys_getgroups16 kernel/uid16.c REDIR +sys_setgroups16 kernel/uid16.c CAP +old_select arch/i386/kernel/sys_i386.c OK +sys_symlink fs/namei.c REDIR +sys_lstat fs/stat.c CAP +sys_readlink fs/stat.c REDIR +sys_uselib fs/exec.c CAP +sys_swapon mm/swapfile.c CAP +sys_reboot kernel/sys.c CAP +old_readdir fs/readdir.c CAP +old_mmap arch/i386/kernel/sys_i386.c OK +sys_munmap OK +sys_truncate fs/open.c CAP +sys_ftruncate fs/open.c CAP +sys_fchmod fs/open.c CAP +sys_fchown16 kernel/uid16.c REDIR +sys_getpriority kernel/sys.c CAP +sys_setpriority kernel/sys.c CAP +sys_ni_syscall --- +sys_statfs fs/open.c CAP +sys_fstatfs fs/open.c CAP +sys_ioperm arch/i386/kernel/ioport.c CAP +sys_socketcall net/socket.c CAP +sys_syslog kernel/printk.c CAP +sys_setitimer OK +sys_getitimer OK +sys_newstat fs/stat.c CAP +sys_newlstat fs/stat.c CAP +sys_newfstat fs/stat.c CAP +sys_uname OK +sys_iopl arch/i386/kernel/ioport.c CAP +sys_vhangup fs/open.c CAP +sys_ni_syscall --- +sys_vm86old arch/i386/kernel/vm86.c CAP +sys_wait4 kernel/exit.c CAP +sys_swapoff mm/swapfile.c CAP +sys_sysinfo kernel/timer.c CAP +sys_ipc arch/i386/kernel/sys_i386.c CAP +sys_fsync fs/sync.c CAP +sys_sigreturn arch/i386/kernel/signal.c OK +sys_clone arch/i386/kernel/process.c * CAP +sys_setdomainname kernel/sys.c CAP +sys_newuname kernel/sys.c OK +sys_modify_ldt arch/i386/kernel/ldt.c CAP +sys_adjtimex kernel/time.c CAP +sys_mprotect mm/mprotect.c CAP +sys_sigprocmask kernel/signal.c CAP +sys_ni_syscall --- +sys_init_module kernel/module.c CAP +sys_delete_module kernel/module.c CAP +sys_ni_syscall --- +sys_quotactl fs/quota.c CAP +sys_getpgid kernel/sys.c CAP +sys_fchdir fs/open.c CAP +sys_bdflush fs/buffer.c CAP +sys_sysfs fs/filesystems.c 
CAP +sys_personality kernel/exec_domain.c CAP +sys_ni_syscall --- +sys_setfsuid16 kernel/uid16.c REDIR +sys_setfsgid16 kernel/uid16.c REDIR +sys_llseek fs/read_write.c CAP +sys_getdents fs/readdir.c CAP +sys_select OK +sys_flock fs/locks.c CAP +sys_msync OK +sys_readv fs/read_write.c OK +sys_writev fs/read_write.c OK +sys_getsid kernel/sys.c CAP +sys_fdatasync fs/sync.c CAP +sys_sysctl kernel/sysctl.c CAP +sys_mlock mm/mlock.c CAP +sys_munlock mm/mlock.c CAP +sys_mlockall mm/mlock.c CAP +sys_munlockall mm/mlock.c CAP +sys_sched_setparam kernel/sched.c CAP +sys_sched_getparam kernel/sched.c CAP +sys_sched_setscheduler kernel/sched.c CAP +sys_sched_getscheduler kernel/sched.c CAP +sys_sched_yield kernel/sched.c OK +sys_sched_get_priority_max kernel/sched.c OK +sys_sched_get_priority_min kernel/sched.c OK +sys_sched_rr_get_interval kernel/sched.c OK +sys_nanosleep OK? +sys_mremap mm/mremap.c CAP +sys_setresuid16 kernel/uid16.c REDIR +sys_getresuid16 kernel/uid16.c OK? +sys_vm86 arch/i386/kernel/vm86.c CAP +sys_ni_syscall --- +sys_poll OK +sys_nfsservctl fs/nfsctl.c CAP +sys_setresgid16 kernel/uid16.c REDIR +sys_getresgid16 kernel/uid16.c OK? 
+sys_prctl kernel/sys.c CAP +sys_rt_sigreturn arch/i386/kernel/signal.c OK +sys_rt_sigaction kernel/signal.c OK +sys_rt_sigprocmask kernel/signal.c CAP +sys_rt_sigpending kernel/signal.c CAP +sys_rt_sigtimedwait kernel/signal.c CAP +sys_rt_sigqueueinfo kernel/signal.c CAP +sys_rt_sigsuspend kernel/signal.c CAP +sys_pread64 fs/read_write.c CAP +sys_pwrite64 fs/read_write.c CAP +sys_chown16 kernel/uid16.c REDIR +sys_getcwd fs/dcache.c CAP +sys_capget kernel/capability.c CAP +sys_capset kernel/capability.c CAP +sys_sigaltstack arch/i386/kernel/signal.c OK +sys_sendfile fs/read_write.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_vfork arch/i386/kernel/process.c * CAP +sys_getrlimit kernel/sys.c OK +sys_mmap2 OK +sys_truncate64 fs/open.c CAP +sys_ftruncate64 fs/open.c CAP +sys_stat64 fs/stat.c CAP +sys_lstat64 fs/stat.c CAP +sys_fstat64 fs/stat.c CAP +sys_lchown fs/open.c CAP +sys_getuid kernel/timer.c OK +sys_getgid kernel/timer.c OK +sys_geteuid kernel/timer.c OK +sys_getegid kernel/timer.c OK +sys_setreuid kernel/sys.c CAP +sys_setregid kernel/sys.c CAP +sys_getgroups kernel/sys.c OK +sys_setgroups kernel/sys.c CAP +sys_fchown fs/open.c CAP +sys_setresuid kernel/sys.c CAP +sys_getresuid kernel/sys.c OK +sys_setresgid kernel/sys.c CAP +sys_getresgid kernel/sys.c OK +sys_chown fs/open.c CAP +sys_setuid kernel/sys.c CAP +sys_setgid kernel/sys.c CAP +sys_setfsuid kernel/sys.c CAP +sys_setfsgid kernel/sys.c CAP +sys_pivot_root fs/namespace.c CAP +sys_mincore mm/mincore.c CAP +sys_madvise mm/madvise.c CAP +sys_getdents64 fs/readdir.c CAP +sys_fcntl64 fs/fcntl.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_gettid kernel/timer.c OK +sys_readahead mm/filemap.c CAP +sys_setxattr fs/xattr.c CAP +sys_lsetxattr fs/xattr.c CAP +sys_fsetxattr fs/xattr.c CAP +sys_getxattr fs/xattr.c CAP +sys_lgetxattr fs/xattr.c CAP +sys_fgetxattr fs/xattr.c CAP +sys_listxattr fs/xattr.c CAP +sys_llistxattr fs/xattr.c CAP +sys_flistxattr fs/xattr.c CAP +sys_removexattr fs/xattr.c CAP 
+sys_lremovexattr fs/xattr.c CAP
+sys_fremovexattr fs/xattr.c CAP
+sys_tkill fs/signal.c CAP
+sys_sendfile64 fs/read_write.c CAP
+sys_futex OK
+sys_sched_setaffinity kernel/sched.c CAP
+sys_sched_getaffinity kernel/sched.c CAP
+sys_set_thread_area OK
+sys_get_thread_area OK
+sys_io_setup fs/aio.c CAP
+sys_io_destroy fs/aio.c CAP
+sys_io_getevents fs/aio.c CAP
+sys_io_submit fs/aio.c CAP
+sys_io_cancel fs/aio.c CAP
+sys_fadvise64 mm/fadvise.c REDIR
+sys_ni_syscall ---
+sys_exit_group kernel/exit.c OK?
+sys_lookup_dcookie fs/dcookies.c CAP
+sys_epoll_create fs/eventpoll.c CAP
+sys_epoll_ctl fs/eventpoll.c CAP
+sys_epoll_wait fs/eventpoll.c CAP
+sys_remap_file_pages mm/fremap.c OK?
+sys_set_tid_address OK
+sys_timer_create kernel/posix-timers.c CAP
+sys_timer_settime kernel/posix-timers.c CAP
+sys_timer_gettime kernel/posix-timers.c CAP
+sys_timer_getoverrun kernel/posix-timers.c CAP
+sys_timer_delete kernel/posix-timers.c CAP
+sys_clock_settime kernel/posix-timers.c CAP
+sys_clock_gettime kernel/posix-timers.c CAP
+sys_clock_getres kernel/posix-timers.c CAP
+sys_clock_nanosleep kernel/posix-timers.c CAP
+sys_statfs64 fs/open.c CAP
+sys_fstatfs64 fs/open.c CAP
+sys_tgkill kernel/signal.c CAP
+sys_utimes fs/utimes.c REDIR
+sys_fadvise64_64 mm/fadvise.c OK
+sys_ni_syscall ---
+sys_mbind mm/mempolicy.c CAP
+sys_get_mempolicy mm/mempolicy.c CAP
+sys_set_mempolicy mm/mempolicy.c CAP
+sys_mq_open ipc/mqueue.c CAP
+sys_mq_unlink ipc/mqueue.c CAP
+sys_mq_timedsend ipc/mqueue.c CAP
+sys_mq_timedreceive ipc/mqueue.c CAP
+sys_mq_notify ipc/mqueue.c CAP
+sys_mq_getsetattr ipc/mqueue.c CAP
+sys_kexec_load kernel/kexec.c CAP
+sys_waitid kernel/exit.c CAP
+sys_ni_syscall ---
+sys_add_key security/keys/keyctl.c CAP
+sys_request_key security/keys/keyctl.c CAP
+sys_keyctl security/keys/keyctl.c CAP
+sys_ioprio_set fs/ioprio.c CAP
+sys_ioprio_get fs/ioprio.c CAP
+sys_inotify_init fs/inotify_user.c CAP
+sys_inotify_add_watch fs/inotify_user.c CAP
+sys_inotify_rm_watch fs/inotify_user.c CAP
+sys_migrate_pages mm/mempolicy.c CAP
+sys_openat fs/open.c CAP
+sys_mkdirat fs/namei.c CAP
+sys_mknodat fs/namei.c CAP
+sys_fchownat fs/open.c CAP
+sys_futimesat fs/utimes.c CAP
+sys_fstatat64 fs/stat.c CAP
+sys_unlinkat fs/namei.c CAP
+sys_renameat fs/namei.c CAP
+sys_linkat fs/namei.c CAP
+sys_symlinkat fs/namei.c CAP
+sys_readlinkat fs/stat.c CAP
+sys_fchmodat fs/open.c CAP
+sys_faccessat fs/open.c CAP
+sys_pselect6 fs/select.c OK
+sys_ppoll fs/select.c OK
+sys_unshare kernel/fork.c CAP
+sys_set_robust_list kernel/futex.c OK?
+sys_get_robust_list kernel/futex.c OK?
+sys_splice fs/splice.c CAP
+sys_sync_file_range fs/sync.c CAP
+sys_tee fs/splice.c CAP
+sys_vmsplice fs/splice.c CAP
+sys_move_pages mm/migrate.c CAP
+sys_getcpu kernel/sys.c CAP
+sys_epoll_pwait fs/eventpoll.c CAP
+sys_utimensat fs/utimes.c CAP
+sys_signalfd fs/signalfd.c CAP
+sys_timerfd fs/timerfd.c CAP
+sys_eventfd fs/eventfd.c CAP
+
+=== END OF SYSCALL TABLE ===
+*) The line number corresponds to syscall number
+**) sys_fork, sys_vfork, sys_clone -> do_fork (kernel/fork.c)
+
+Syscall 0:
+sys_restart_syscall kernel/signal.c OK
+
+syscall table in arch/i386/kernel/syscall_table.S
+
+
diff -ruNp linux-2.6.22.10/arch/i386/kernel/ioport.c linux-2.6.22.10-cher1/arch/i386/kernel/ioport.c
--- linux-2.6.22.10/arch/i386/kernel/ioport.c 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/arch/i386/kernel/ioport.c 2007-10-21 02:05:19.000000000 +0400
@@ -62,6 +62,9 @@ asmlinkage long sys_ioperm(unsigned long
 	struct tss_struct * tss;
 	unsigned long *bitmap;
 
+	if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+		return -EPERM;
+
 	if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
 		return -EINVAL;
 	if (turn_on && !capable(CAP_SYS_RAWIO))
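Review bot: The `SBOX_NO_SYSCALLS` test added at the top of sys_ioperm is the same three lines that every other guarded syscall in this patch repeats verbatim, so the flag test should live in one place, e.g. `static inline int sbox_denied(void) { return current->sbox_flags & SBOX_NO_SYSCALLS; }` next to the SBOX_* definitions (not in this chunk), with each syscall doing `if (sbox_denied()) return -EPERM;` — otherwise the copies drift the first time the flag logic changes. The guard also refuses `turn_on == 0`, i.e. a task giving up port access it already holds; if that privilege drop is meant to stay available, `if (turn_on && (current->sbox_flags & SBOX_NO_SYSCALLS))` keeps it, and if not, a one-line comment should say the sandbox forbids all ioperm traffic. The arch/x86_64/kernel/ioport.c counterpart is not in this chunk although the SYSCALLS.x86_64 table marks sys_ioperm and stub_iopl as CAP, so confirm the same guard lands there. sys_ioperm's parameter list and the rest of its body lie outside the hunk.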
@@ -139,6 +142,9 @@ asmlinkage long sys_iopl(unsigned long u
 	unsigned int old = (regs->eflags >> 12) & 3;
 	struct thread_struct *t = &current->thread;
 
+	if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+		return -EPERM;
+
 	if (level > 3)
 		return -EINVAL;
 	/* Trying to gain more privileges? */
@@ -151,3 +157,9 @@ asmlinkage long sys_iopl(unsigned long u
 	set_iopl_mask(t->iopl);
 	return 0;
 }
+
+/*
+ * Local variables:
+ * c-basic-offset: 8
+ * End:
+ */
diff -ruNp linux-2.6.22.10/arch/i386/kernel/ldt.c linux-2.6.22.10-cher1/arch/i386/kernel/ldt.c
--- linux-2.6.22.10/arch/i386/kernel/ldt.c 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/arch/i386/kernel/ldt.c 2007-10-21 02:05:19.000000000 +0400
@@ -232,6 +232,9 @@ asmlinkage int sys_modify_ldt(int func,
 {
 	int ret = -ENOSYS;
 
+	if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+		return -EPERM;
+
 	switch (func) {
 	case 0:
 		ret = read_ldt(ptr, bytecount);
diff -ruNp linux-2.6.22.10/arch/i386/kernel/process.c linux-2.6.22.10-cher1/arch/i386/kernel/process.c
--- linux-2.6.22.10/arch/i386/kernel/process.c 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/arch/i386/kernel/process.c 2007-10-21 02:05:19.000000000 +0400
@@ -765,6 +765,9 @@ asmlinkage int sys_execve(struct pt_regs
 	int error;
 	char * filename;
 
+	if ((current->sbox_flags & SBOX_NO_EXEC))
+		return -EPERM;
+
 	filename = getname((char __user *) regs.ebx);
 	error = PTR_ERR(filename);
 	if (IS_ERR(filename))
@@ -776,6 +779,8 @@ asmlinkage int sys_execve(struct pt_regs
 	if (error == 0) {
 		task_lock(current);
 		current->ptrace &= ~PT_DTRACE;
+		if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+			current->sbox_flags |= SBOX_NO_EXEC;
 		task_unlock(current);
 		/* Make sure we don't return using sysenter.. */
 		set_thread_flag(TIF_IRET);
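Review bot: The guard inserted ahead of the `level > 3` check refuses every sys_iopl call, including one that lowers the caller's IOPL, while the existing `/* Trying to gain more privileges? */` comparison against `old` just below already handles the escalation case; if only escalation is meant to be sandboxed, `if (level > old && (current->sbox_flags & SBOX_NO_SYSCALLS)) return -EPERM;` placed after the EINVAL check keeps a sandboxed task able to drop to IOPL 0. If "no iopl at all" is the intent, that is defensible but should be stated in a comment on the guard, since a reader otherwise assumes it mirrors the capability check. The body of sys_iopl, including the `old` comparison and `set_iopl_mask`, continues outside the hunk.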
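Review bot: The one-shot exec semantics these two sys_execve hunks create — a task carrying `SBOX_NO_SYSCALLS` may execve once, after which `SBOX_NO_EXEC` is latched here and the check at the top of the function refuses any further exec — are stated nowhere; put `/* the sandboxed task gets exactly one exec (its target); latch NO_EXEC so it cannot re-exec */` above the new assignment. Nothing visible stops that one exec from being a setuid/setgid or file-capability binary, which would then run with raised credentials while `SBOX_NO_SYSCALLS` keeps denying it ioperm, iopl, ipc and the rest; unless another part of the patch handles this in the binfmt path, refuse the exec (or the credential change) when the sandbox flag is set, the property later kernels expose as no_new_privs. The earlier hunk reads `current->sbox_flags` without task_lock while this one writes it under the lock; if only the task itself ever writes its own `sbox_flags`, say so in a comment and the lock is incidental, and if another task can set it, document that the lockless single-word test is tolerated. The x86_64 and ia32 execve stubs are not in this chunk, though both SYSCALLS tables mark them CAP. sys_execve's signature is in the hunk header and the function continues outside both hunks.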
@@ -932,3 +937,9 @@ unsigned long arch_align_stack(unsigned
 		sp -= get_random_int() % 8192;
 	return sp & ~0xf;
 }
+
+/*
+ * Local variables:
+ * c-basic-offset: 8
+ * End:
+ */
diff -ruNp linux-2.6.22.10/arch/i386/kernel/signal.c linux-2.6.22.10-cher1/arch/i386/kernel/signal.c
--- linux-2.6.22.10/arch/i386/kernel/signal.c 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/arch/i386/kernel/signal.c 2007-10-21 02:05:19.000000000 +0400
@@ -37,6 +37,9 @@
 asmlinkage int
 sys_sigsuspend(int history0, int history1, old_sigset_t mask)
 {
+	if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+		return -EPERM;
+
 	mask &= _BLOCKABLE;
 	spin_lock_irq(&current->sighand->siglock);
 	current->saved_sigmask = current->blocked;
@@ -658,3 +661,9 @@ void do_notify_resume(struct pt_regs *re
 	clear_thread_flag(TIF_IRET);
 }
 
+
+/*
+ * Local variables:
+ * c-basic-offset: 8
+ * End:
+ */
diff -ruNp linux-2.6.22.10/arch/i386/kernel/sys_i386.c linux-2.6.22.10-cher1/arch/i386/kernel/sys_i386.c
--- linux-2.6.22.10/arch/i386/kernel/sys_i386.c 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/arch/i386/kernel/sys_i386.c 2007-10-21 02:05:19.000000000 +0400
@@ -32,6 +32,9 @@ asmlinkage int sys_pipe(unsigned long __
 	int fd[2];
 	int error;
 
+	if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+		return -EPERM;
+
 	error = do_pipe(fd);
 	if (!error) {
 		if (copy_to_user(fildes, fd, 2*sizeof(int)))
@@ -126,6 +129,9 @@ asmlinkage int sys_ipc (uint call, int f
 {
 	int version, ret;
 
+	if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+		return -EPERM;
+
 	version = call >> 16; /* hack for backward compatibility */
 	call &= 0xffff;
 
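Review bot: The guard on sys_sigsuspend covers only the legacy `sigsuspend` entry; i386 glibc issues `rt_sigsuspend`, implemented in kernel/signal.c outside this chunk, so unless that hunk exists elsewhere in the patch the restriction is bypassed by the call modern binaries actually make (the SYSCALLS.i386 table lists sys_rt_sigsuspend as CAP, which suggests it is intended). A short comment on the guard, `/* legacy entry; sys_rt_sigsuspend carries the same check */`, keeps the two in step. The check returns before `current->blocked` is touched, so no signal state is altered on denial, which is the right order. sys_sigsuspend's body continues past the hunk.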
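Review bot: Every sandbox denial in this patch, including the one added at the top of sys_ipc, returns a bare -EPERM with no trace, so an escape attempt from inside the sandbox is indistinguishable from an ordinary permission error on the host; a rate-limited message at the denial, e.g. `if (printk_ratelimit()) printk(KERN_INFO "sbox: %s[%d] denied ipc call %u\n", current->comm, current->pid, call);`, gives detection something to key on, and sys_ipc is where it matters most because it multiplexes every SysV IPC operation. Log `call` before the `call &= 0xffff` mask below, or the version bits are lost. The switch on `call` and the rest of the function are outside the hunk.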
@@ -262,3 +268,9 @@ int kernel_execve(const char *filename,
 	: "0" (__NR_execve),"ri" (filename),"c" (argv), "d" (envp) : "memory");
 	return __res;
 }
+
+/*
+ * Local variables:
+ * c-basic-offset: 8
+ * End:
+ */
diff -ruNp linux-2.6.22.10/arch/i386/kernel/vm86.c linux-2.6.22.10-cher1/arch/i386/kernel/vm86.c
--- linux-2.6.22.10/arch/i386/kernel/vm86.c 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/arch/i386/kernel/vm86.c 2007-10-21 02:05:19.000000000 +0400
@@ -208,6 +208,9 @@ asmlinkage int sys_vm86old(struct pt_reg
 	struct task_struct *tsk;
 	int tmp, ret = -EPERM;
 
+	if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+		return -EPERM;
+
 	tsk = current;
 	if (tsk->thread.saved_esp0)
 		goto out;
@@ -238,6 +241,9 @@ asmlinkage int sys_vm86(struct pt_regs r
 	int tmp, ret;
 	struct vm86plus_struct __user *v86;
 
+	if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+		return -EPERM;
+
 	tsk = current;
 	switch (regs.ebx) {
 	case VM86_REQUEST_IRQ:
diff -ruNp linux-2.6.22.10/arch/x86_64/SYSCALLS.x86_64 linux-2.6.22.10-cher1/arch/x86_64/SYSCALLS.x86_64
--- linux-2.6.22.10/arch/x86_64/SYSCALLS.x86_64 1970-01-01 03:00:00.000000000 +0300
+++ linux-2.6.22.10-cher1/arch/x86_64/SYSCALLS.x86_64 2007-10-21 02:05:19.000000000 +0400
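Review bot: sys_vm86old already initialises `ret` to -EPERM and jumps to `out` for its other early failure (the `saved_esp0` test two lines below the guard), so the new check should follow that shape, `if ((current->sbox_flags & SBOX_NO_SYSCALLS)) goto out;`, rather than open a second return path that skips whatever `out:` does; if `out:` is a plain `return ret;` the two are equivalent today, but the next cleanup added at the label will miss the early return. The sibling guard in sys_vm86, where `ret` is uninitialised, is fine as a direct return. Both functions' bodies, including the `out:` label, continue outside the hunks.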
@@ -0,0 +1,292 @@ +sys_write fs/read_write.c OK +sys_open fs/open.c CAP +sys_close fs/open.c OK +sys_newstat fs/stat.c CAP +sys_newfstat fs/stat.c CAP +sys_newlstat fs/stat.c CAP +sys_poll OK +sys_lseek fs/read_write.c CAP +sys_mmap OK +sys_mprotect mm/mprotect.c CAP +sys_munmap OK +sys_brk OK +sys_rt_sigaction kernel/signal.c OK +sys_rt_sigprocmask kernel/signal.c CAP +stub_rt_sigreturn OK +sys_ioctl fs/ioctl.c CAP +sys_pread64 fs/read_write.c CAP +sys_pwrite64 fs/read_write.c CAP +sys_readv fs/read_write.c OK +sys_writev fs/read_write.c OK +sys_access fs/open.c CAP +sys_pipe arch/x86_64/kernel/sys_x86_64.c CAP +sys_select OK +sys_sched_yield kernel/sched.c OK +sys_mremap mm/mremap.c CAP +sys_msync OK +sys_mincore mm/mincore.c CAP +sys_madvise mm/madvise.c CAP +sys_shmget ipc/shm.c CAP +sys_shmat ipc/shm.c CAP +sys_shmctl ipc/shm.c CAP +sys_dup fs/fcntl.c CAP +sys_dup2 fs/fcntl.c CAP +sys_pause kernel/signal.c CAP +sys_nanosleep OK? +sys_getitimer OK +sys_alarm kernel/timer.c OK +sys_setitimer OK +sys_getpid kernel/timer.c OK +sys_sendfile64 fs/read_write.c CAP +sys_socket net/socket.c CAP +sys_connect net/socket.c CAP +sys_accept net/socket.c CAP +sys_sendto net/socket.c CAP +sys_recvfrom net/socket.c CAP +sys_sendmsg net/socket.c CAP +sys_recvmsg net/socket.c CAP +sys_shutdown net/socket.c CAP +sys_bind net/socket.c CAP +sys_listen net/socket.c CAP +sys_getsockname net/socket.c CAP +sys_getpeername net/socket.c CAP +sys_socketpair net/socket.c CAP +sys_setsockopt net/socket.c CAP +sys_getsockopt net/socket.c CAP +stub_clone arch/x86_64/kernel/entry.S->process.c CAP +stub_fork arch/x86_64/kernel/entry.S->process.c CAP +stub_vfork arch/x86_64/kernel/entry.S->process.c CAP +stub_execve arch/x86_64/kernel/entry.S->process.c CAP +sys_exit OK +sys_wait4 kernel/exit.c CAP +sys_kill kernel/signal.c CAP +sys_uname OK +sys_semget ipc/sem.c CAP +sys_semop ipc/sem.c CAP +sys_semctl ipc/sem.c CAP +sys_shmdt ipc/shm.c CAP +sys_msgget ipc/msg.c CAP +sys_msgsnd ipc/msg.c CAP 
+sys_msgrcv ipc/msg.c CAP +sys_msgctl ipc/msg.c CAP +sys_fcntl fs/fcntl.c CAP +sys_flock fs/locks.c CAP +sys_fsync fs/sync.c CAP +sys_fdatasync fs/sync.c CAP +sys_truncate fs/open.c CAP +sys_ftruncate fs/open.c CAP +sys_getdents fs/readdir.c CAP +sys_getcwd fs/dcache.c CAP +sys_chdir fs/open.c CAP +sys_fchdir fs/open.c CAP +sys_rename fs/namei.c REDIR +sys_mkdir fs/namei.c REDIR +sys_rmdir fs/namei.c CAP +sys_creat fs/open.c CAP +sys_link fs/namei.c REDIR +sys_unlink fs/namei.c CAP +sys_symlink fs/namei.c REDIR +sys_readlink fs/stat.c REDIR +sys_chmod fs/open.c CAP +sys_fchmod fs/open.c CAP +sys_chown fs/open.c CAP +sys_fchown fs/open.c CAP +sys_lchown fs/open.c CAP +sys_umask kernel/sys.c CAP +sys_gettimeofday kernel/time.c OK +sys_getrlimit kernel/sys.c OK +sys_getrusage kernel/sys.c OK +sys_sysinfo kernel/timer.c CAP +sys_times OK +sys_ptrace kernel/ptrace.c CAP +sys_getuid kernel/timer.c OK +sys_syslog kernel/printk.c CAP +sys_getgid kernel/timer.c OK +sys_setuid kernel/sys.c CAP +sys_setgid kernel/sys.c CAP +sys_geteuid kernel/timer.c OK +sys_getegid kernel/timer.c OK +sys_setpgid kernel/sys.c CAP +sys_getppid kernel/timer.c OK +sys_getpgrp kernel/sys.c OK +sys_setsid kernel/sys.c CAP +sys_setreuid kernel/sys.c CAP +sys_setregid kernel/sys.c CAP +sys_getgroups kernel/sys.c OK +sys_setgroups kernel/sys.c CAP +sys_setresuid kernel/sys.c CAP +sys_getresuid kernel/sys.c OK +sys_setresgid kernel/sys.c CAP +sys_getresgid kernel/sys.c OK +sys_getpgid kernel/sys.c CAP +sys_setfsuid kernel/sys.c CAP +sys_setfsgid kernel/sys.c CAP +sys_getsid kernel/sys.c CAP +sys_capget kernel/capability.c CAP +sys_capset kernel/capability.c CAP +sys_rt_sigpending kernel/signal.c CAP +sys_rt_sigtimedwait kernel/signal.c CAP +sys_rt_sigqueueinfo kernel/signal.c CAP +stub_rt_sigsuspend kernel/signal.c CAP +stub_sigaltstack arch/x86_64/kernel/signal.c OK +sys_utime fs/utimes.c CAP +sys_mknod fs/namei.c REDIR +sys_ni_syscall --- +sys_personality kernel/exec_domain.c CAP +sys_ustat 
fs/super.c CAP +sys_statfs fs/open.c CAP +sys_fstatfs fs/open.c CAP +sys_sysfs fs/filesystems.c CAP +sys_getpriority kernel/sys.c CAP +sys_setpriority kernel/sys.c CAP +sys_sched_setparam kernel/sched.c CAP +sys_sched_getparam kernel/sched.c CAP +sys_sched_setscheduler kernel/sched.c CAP +sys_sched_getscheduler kernel/sched.c CAP +sys_sched_get_priority_max kernel/sched.c OK +sys_sched_get_priority_min kernel/sched.c OK +sys_sched_rr_get_interval kernel/sched.c OK +sys_mlock mm/mlock.c CAP +sys_munlock mm/mlock.c CAP +sys_mlockall mm/mlock.c CAP +sys_munlockall mm/mlock.c CAP +sys_vhangup fs/open.c CAP +sys_modify_ldt arch/x86_64/kernel/ldt.c CAP +sys_pivot_root fs/namespace.c CAP +sys_sysctl kernel/sysctl.c CAP +sys_prctl kernel/sys.c CAP +sys_arch_prctl arch/x86_64/kernel/process.c OK +sys_adjtimex kernel/time.c CAP +sys_setrlimit kernel/sys.c CAP +sys_chroot fs/open.c CAP +sys_sync fs/sync.c CAP +sys_acct kernel/acct.c CAP +sys_settimeofday kernel/time.c CAP +sys_mount fs/namespace.c CAP +sys_umount fs/namespace.c CAP +sys_swapon mm/swapfile.c CAP +sys_swapoff mm/swapfile.c CAP +sys_reboot kernel/sys.c CAP +sys_sethostname kernel/sys.c CAP +sys_setdomainname kernel/sys.c CAP +stub_iopl arch/x86_64/kernel/ioport.c CAP +sys_ioperm arch/x86_64/kernel/ioport.c CAP +sys_ni_syscall --- +sys_init_module kernel/module.c CAP +sys_delete_module kernel/module.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_quotactl fs/quota.c CAP +sys_nfsservctl fs/nfsctl.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_ni_syscall --- +sys_ni_syscall --- +sys_ni_syscall --- +sys_gettid kernel/timer.c OK +sys_readahead mm/filemap.c CAP +sys_setxattr fs/xattr.c CAP +sys_lsetxattr fs/xattr.c CAP +sys_fsetxattr fs/xattr.c CAP +sys_getxattr fs/xattr.c CAP +sys_lgetxattr fs/xattr.c CAP +sys_fgetxattr fs/xattr.c CAP +sys_listxattr fs/xattr.c CAP +sys_llistxattr fs/xattr.c CAP +sys_flistxattr fs/xattr.c CAP +sys_removexattr fs/xattr.c CAP +sys_lremovexattr fs/xattr.c CAP +sys_fremovexattr 
fs/xattr.c CAP +sys_tkill fs/signal.c CAP +sys_time OK +sys_futex OK +sys_sched_setaffinity kernel/sched.c CAP +sys_sched_getaffinity kernel/sched.c CAP +sys_ni_syscall --- +sys_io_setup fs/aio.c CAP +sys_io_destroy fs/aio.c CAP +sys_io_getevents fs/aio.c CAP +sys_io_submit fs/aio.c CAP +sys_io_cancel fs/aio.c CAP +sys_ni_syscall --- +sys_lookup_dcookie fs/dcookies.c CAP +sys_epoll_create fs/eventpoll.c CAP +sys_ni_syscall --- +sys_ni_syscall --- +sys_remap_file_pages mm/fremap.c OK? +sys_getdents64 fs/readdir.c CAP +sys_set_tid_address OK +sys_restart_syscall kernel/signal.c OK +sys_semtimedop ipc/sem.c CAP +sys_fadvise64 mm/fadvise.c REDIR +sys_timer_create kernel/posix-timers.c CAP +sys_timer_settime kernel/posix-timers.c CAP +sys_timer_gettime kernel/posix-timers.c CAP +sys_timer_getoverrun kernel/posix-timers.c CAP +sys_timer_delete kernel/posix-timers.c CAP +sys_clock_settime kernel/posix-timers.c CAP +sys_clock_gettime kernel/posix-timers.c CAP +sys_clock_getres kernel/posix-timers.c CAP +sys_clock_nanosleep kernel/posix-timers.c CAP +sys_exit_group kernel/exit.c OK? 
+sys_epoll_wait fs/eventpoll.c CAP +sys_epoll_ctl fs/eventpoll.c CAP +sys_tgkill kernel/signal.c CAP +sys_utimes fs/utimes.c REDIR +sys_ni_syscall --- +sys_mbind mm/mempolicy.c CAP +sys_set_mempolicy mm/mempolicy.c CAP +sys_get_mempolicy mm/mempolicy.c CAP +sys_mq_open ipc/mqueue.c CAP +sys_mq_unlink ipc/mqueue.c CAP +sys_mq_timedsend ipc/mqueue.c CAP +sys_mq_timedreceive ipc/mqueue.c CAP +sys_mq_notify ipc/mqueue.c CAP +sys_mq_getsetattr ipc/mqueue.c CAP +sys_kexec_load kernel/kexec.c CAP +sys_waitid kernel/exit.c CAP +sys_add_key security/keys/keyctl.c CAP +sys_request_key security/keys/keyctl.c CAP +sys_keyctl security/keys/keyctl.c CAP +sys_ioprio_set fs/ioprio.c CAP +sys_ioprio_get fs/ioprio.c CAP +sys_inotify_init fs/inotify_user.c CAP +sys_inotify_add_watch fs/inotify_user.c CAP +sys_inotify_rm_watch fs/inotify_user.c CAP +sys_migrate_pages mm/mempolicy.c CAP +sys_openat fs/open.c CAP +sys_mkdirat fs/namei.c CAP +sys_mknodat fs/namei.c CAP +sys_fchownat fs/open.c CAP +sys_futimesat fs/utimes.c CAP +sys_newfstatat fs/stat.c CAP +sys_unlinkat fs/namei.c CAP +sys_renameat fs/namei.c CAP +sys_linkat fs/namei.c CAP +sys_symlinkat fs/namei.c CAP +sys_readlinkat fs/stat.c CAP +sys_fchmodat fs/open.c CAP +sys_faccessat fs/open.c CAP +sys_pselect6 fs/select.c OK +sys_ppoll fs/select.c OK +sys_unshare kernel/fork.c CAP +sys_set_robust_list kernel/futex.c OK? +sys_get_robust_list kernel/futex.c OK? 
+sys_splice fs/splice.c CAP +sys_tee fs/splice.c CAP +sys_sync_file_range fs/sync.c CAP +sys_vmsplice fs/splice.c CAP +sys_move_pages mm/migrate.c CAP +sys_utimensat fs/utimes.c CAP +sys_epoll_pwait fs/eventpoll.c CAP +sys_signalfd fs/signalfd.c CAP +sys_timerfd fs/timerfd.c CAP +sys_eventfd fs/eventfd.c CAP + +=== END OF SYSCALL TABLE === +*) The line number corresponds to syscall number + +Syscall 0: +sys_read fs/read_write.c OK + +syscall table is in include/asm-x86_64/unistd.h diff -ruNp linux-2.6.22.10/arch/x86_64/SYSCALLS.x86_64_ia32 linux-2.6.22.10-cher1/arch/x86_64/SYSCALLS.x86_64_ia32 --- linux-2.6.22.10/arch/x86_64/SYSCALLS.x86_64_ia32 1970-01-01 03:00:00.000000000 +0300 +++ linux-2.6.22.10-cher1/arch/x86_64/SYSCALLS.x86_64_ia32 2007-10-21 02:05:19.000000000 +0400 
@@ -0,0 +1,331 @@ +sys_exit OK +stub32_fork arch/x86_64/ia32/ia32entry.S CAP +sys_read OK +sys_write OK +compat_sys_open fs/compat.c CAP +sys_close fs/open.c OK +sys32_waitpid arch/x86_64/ia32/sys_ia32.c CAP +sys_creat fs/open.c CAP +sys_link fs/namei.c REDIR +sys_unlink fs/namei.c CAP +stub32_execve arch/x86_64/ia32/ia32entry.S CAP +sys_chdir fs/open.c CAP +compat_sys_time kernel/compat.c OK +sys_mknod fs/namei.c REDIR +sys_chmod fs/open.c CAP +sys_lchown16 kernel/uid16.c REDIR +quiet_ni_syscall --- +sys_stat fs/stat.c CAP +sys32_lseek arch/x86_64/ia32/sys_ia32.c REDIR +sys_getpid kernel/timer.c OK +compat_sys_mount fs/compat.c CAP +sys_oldumount fs/namespace.c REDIR +sys_setuid16 kernel/uid16.c REDIR +sys_getuid16 kernel/uid16.c OK +compat_sys_stime kernel/compat.c CAP +sys32_ptrace arch/x86_64/ia32/ptrace32.c CAP +sys_alarm kernel/timer.c OK +sys_fstat fs/stat.c CAP +sys_pause kernel/signal.c CAP +compat_sys_utime fs/compat.c CAP +quiet_ni_syscall --- +quiet_ni_syscall --- +sys_access fs/open.c CAP +sys_nice kernel/sched.c CAP +quiet_ni_syscall --- +sys_sync fs/sync.c CAP +sys32_kill arch/x86_64/ia32/sys_ia32.c REDIR +sys_rename fs/namei.c REDIR +sys_mkdir fs/namei.c REDIR +sys_rmdir fs/namei.c CAP +sys_dup fs/fcntl.c CAP +sys32_pipe arch/x86_64/ia32/sys_ia32.c CAP +compat_sys_times kernel/compat.c OK +quiet_ni_syscall --- +sys_brk OK +sys_setgid16 kernel/uid16.c REDIR +sys_getgid16 kernel/uid16.c OK +sys_signal kernel/signal.c OK +sys_geteuid16 kernel/uid16.c OK +sys_getegid16 kernel/uid16.c OK +sys_acct kernel/acct.c CAP +sys_umount fs/namespace.c CAP +quiet_ni_syscall --- +compat_sys_ioctl fs/compat_ioctl.c CAP +compat_sys_fcntl64 fs/compat.c CAP +quiet_ni_syscall --- +sys_setpgid kernel/sys.c CAP +quiet_ni_syscall --- +sys32_olduname arch/x86_64/ia32/sys_ia32.c OK +sys_umask kernel/sys.c CAP +sys_chroot fs/open.c CAP +sys32_ustat arch/x86_64/ia32/sys_ia32.c REDIR +sys_dup2 fs/fcntl.c CAP +sys_getppid kernel/timer.c OK +sys_getpgrp kernel/sys.c OK +sys_setsid 
kernel/sys.c CAP +sys32_sigaction arch/x86_64/ia32/sys_ia32.c OK +sys_sgetmask kernel/signal.c OK +sys_ssetmask kernel/signal.c CAP +sys_setreuid16 kernel/uid16.c REDIR +sys_setregid16 kernel/uid16.c REDIR +stub32_sigsuspend arch/x86_64/ia32/ia32_signal.c CAP +compat_sys_sigpending kernel/compat.c REDIR +sys_sethostname kernel/sys.c CAP +compat_sys_setrlimit kernel/compat.c REDIR +compat_sys_old_getrlimit kernel/compat.c OK +compat_sys_getrusage kernel/compat.c OK +sys32_gettimeofday arch/x86_64/ia32/sys_ia32.c OK +sys32_settimeofday arch/x86_64/ia32/sys_ia32.c CAP +sys_getgroups16 kernel/uid16.c REDIR +sys_setgroups16 kernel/uid16.c CAP +sys32_old_select arch/x86_64/ia32/sys_ia32.c OK +sys_symlink fs/namei.c REDIR +sys_lstat fs/stat.c CAP +sys_readlink fs/stat.c REDIR +sys_uselib fs/exec.c CAP +sys_swapon mm/swapfile.c CAP +sys_reboot kernel/sys.c CAP +compat_sys_old_readdir fs/compat.c CAP +sys32_mmap arch/x86_64/ia32/sys_ia32.c OK +sys_munmap OK +sys_truncate fs/open.c CAP +sys_ftruncate fs/open.c CAP +sys_fchmod fs/open.c CAP +sys_fchown16 kernel/uid16.c REDIR +sys_getpriority kernel/sys.c CAP +sys_setpriority kernel/sys.c CAP +quiet_ni_syscall --- +compat_sys_statfs fs/compat.c CAP +compat_sys_fstatfs fs/compat.c CAP +sys_ioperm arch/x86_64/kernel/ioport.c CAP +compat_sys_socketcall net/compat.c CAP +sys_syslog kernel/printk.c CAP +compat_sys_setitimer kernel/compat.c OK +compat_sys_getitimer kernel/compat.c OK +compat_sys_newstat fs/compat.c CAP +compat_sys_newlstat fs/compat.c CAP +compat_sys_newfstat fs/compat.c CAP +sys32_uname arch/x86_64/ia32/sys_ia32.c OK +stub32_iopl arch/x86_64/ia32/ia32entry.S REDIR +sys_vhangup fs/open.c CAP +quiet_ni_syscall --- +sys32_vm86_warning arch/x86_64/ia32/sys_ia32.c CAP +compat_sys_wait4 kernel/compat.c REDIR +sys_swapoff mm/swapfile.c CAP +compat_sys_sysinfo kernel/compat.c CAP +sys32_ipc arch/x86_64/ia32/ipc32.c CAP +sys_fsync fs/sync.c CAP +stub32_sigreturn OK +stub32_clone arch/x86_64/ia32/ia32entry.S REDIR 
+sys_setdomainname kernel/sys.c CAP +sys_uname OK +sys_modify_ldt arch/x86_64/kernel/ldt.c CAP +compat_sys_adjtimex kernel/compat.c CAP +sys32_mprotect arch/x86_64/ia32/sys_ia32.c REDIR +compat_sys_sigprocmask kernel/compat.c REDIR +quiet_ni_syscall --- +sys_init_module kernel/module.c CAP +sys_delete_module kernel/module.c CAP +quiet_ni_syscall --- +sys_quotactl fs/quota.c CAP +sys_getpgid kernel/sys.c CAP +sys_fchdir fs/open.c CAP +quiet_ni_syscall --- +sys_sysfs fs/filesystems.c CAP +sys_personality kernel/exec_domain.c CAP +quiet_ni_syscall --- +sys_setfsuid16 kernel/uid16.c REDIR +sys_setfsgid16 kernel/uid16.c REDIR +sys_llseek fs/read_write.c CAP +compat_sys_getdents fs/compat.c CAP +compat_sys_select fs/compat.c OK +sys_flock fs/locks.c CAP +sys_msync OK +compat_sys_readv OK +compat_sys_writev OK +sys_getsid kernel/sys.c CAP +sys_fdatasync fs/sync.c CAP +sys32_sysctl arch/x86_64/ia32/sys_ia32.c CAP +sys_mlock mm/mlock.c CAP +sys_munlock mm/mlock.c CAP +sys_mlockall mm/mlock.c CAP +sys_munlockall mm/mlock.c CAP +sys_sched_setparam kernel/sched.c CAP +sys_sched_getparam kernel/sched.c CAP +sys_sched_setscheduler kernel/sched.c CAP +sys_sched_getscheduler kernel/sched.c CAP +sys_sched_yield kernel/sched.c OK +sys_sched_get_priority_max kernel/sched.c OK +sys_sched_get_priority_min kernel/sched.c OK +sys32_sched_rr_get_interval arch/x86_64/ia32/sys_ia32.c REDIR +compat_sys_nanosleep kernel/compat.c OK? +sys_mremap mm/mremap.c CAP +sys_setresuid16 kernel/uid16.c REDIR +sys_getresuid16 kernel/uid16.c OK? +sys32_vm86_warning arch/x86_64/ia32/sys_ia32.c CAP +quiet_ni_syscall --- +sys_poll OK +compat_sys_nfsservctl fs/compat.c CAP +sys_setresgid16 kernel/uid16.c REDIR +sys_getresgid16 kernel/uid16.c OK? 
+sys_prctl kernel/sys.c CAP
+stub32_rt_sigreturn OK
+sys32_rt_sigaction OK
+sys32_rt_sigprocmask arch/x86_64/ia32/sys_ia32.c REDIR
+sys32_rt_sigpending arch/x86_64/ia32/sys_ia32.c REDIR
+compat_sys_rt_sigtimedwait kernel/compat.c CAP
+sys32_rt_sigqueueinfo arch/x86_64/ia32/sys_ia32.c REDIR
+stub32_rt_sigsuspend arch/x86_64/ia32/ia32entry.S REDIR
+sys32_pread arch/x86_64/ia32/sys_ia32.c REDIR
+sys32_pwrite arch/x86_64/ia32/sys_ia32.c REDIR
+sys_chown16 kernel/uid16.c REDIR
+sys_getcwd fs/dcache.c CAP
+sys_capget kernel/capability.c CAP
+sys_capset kernel/capability.c CAP
+stub32_sigaltstack arch/x86_64/ia32/ia32_signal.c CAP
+sys32_sendfile arch/x86_64/ia32/sys_ia32.c REDIR
+quiet_ni_syscall ---
+quiet_ni_syscall ---
+stub32_vfork arch/x86_64/ia32/ia32entry.S REDIR
+compat_sys_getrlimit kernel/compat.c REDIR
+sys32_mmap2 OK
+sys32_truncate64 arch/x86_64/ia32/sys_ia32.c REDIR
+sys32_ftruncate64 arch/x86_64/ia32/sys_ia32.c REDIR
+sys32_stat64 arch/x86_64/ia32/sys_ia32.c CAP
+sys32_lstat64 arch/x86_64/ia32/sys_ia32.c CAP
+sys32_fstat64 arch/x86_64/ia32/sys_ia32.c CAP
+sys_lchown fs/open.c CAP
+sys_getuid kernel/timer.c OK
+sys_getgid kernel/timer.c OK
+sys_geteuid kernel/timer.c OK
+sys_getegid kernel/timer.c OK
+sys_setreuid kernel/sys.c CAP
+sys_setregid kernel/sys.c CAP
+sys_getgroups kernel/sys.c OK
+sys_setgroups kernel/sys.c CAP
+sys_fchown fs/open.c CAP
+sys_setresuid kernel/sys.c CAP
+sys_getresuid kernel/sys.c OK
+sys_setresgid kernel/sys.c CAP
+sys_getresgid kernel/sys.c OK
+sys_chown fs/open.c CAP
+sys_setuid kernel/sys.c CAP
+sys_setgid kernel/sys.c CAP
+sys_setfsuid kernel/sys.c CAP
+sys_setfsgid kernel/sys.c CAP
+sys_pivot_root fs/namespace.c CAP
+sys_mincore mm/mincore.c CAP
+sys_madvise mm/madvise.c CAP
+compat_sys_getdents64 fs/compat.c CAP
+compat_sys_fcntl64 fs/compat.c CAP
+quiet_ni_syscall ---
+quiet_ni_syscall ---
+sys_gettid kernel/timer.c OK
+sys32_readahead arch/x86_64/ia32/sys_ia32.c REDIR
+sys_setxattr fs/xattr.c CAP
+sys_lsetxattr fs/xattr.c CAP
+sys_fsetxattr fs/xattr.c CAP
+sys_getxattr fs/xattr.c CAP
+sys_lgetxattr fs/xattr.c CAP
+sys_fgetxattr fs/xattr.c CAP
+sys_listxattr fs/xattr.c CAP
+sys_llistxattr fs/xattr.c CAP
+sys_flistxattr fs/xattr.c CAP
+sys_removexattr fs/xattr.c CAP
+sys_lremovexattr fs/xattr.c CAP
+sys_fremovexattr fs/xattr.c CAP
+sys_tkill fs/signal.c CAP
+sys_sendfile64 fs/read_write.c CAP
+compat_sys_futex OK
+compat_sys_sched_setaffinity kernel/compat.c CAP
+compat_sys_sched_getaffinity kernel/compat.c CAP
+sys32_set_thread_area OK
+sys32_get_thread_area OK
+compat_sys_io_setup fs/compat.c REDIR
+sys_io_destroy fs/aio.c CAP
+compat_sys_io_getevents fs/compat.c REDIR
+compat_sys_io_submit fs/compat.c REDIR
+sys_io_cancel fs/aio.c CAP
+sys32_fadvise64 arch/x86_64/ia32/sys_ia32.c REDIR
+quiet_ni_syscall ---
+sys_exit_group kernel/exit.c OK?
+sys32_lookup_dcookie arch/x86_64/ia32/sys_ia32.c REDIR
+sys_epoll_create fs/eventpoll.c CAP
+sys_epoll_ctl fs/eventpoll.c CAP
+sys_epoll_wait fs/eventpoll.c CAP
+sys_remap_file_pages mm/fremap.c OK?
+sys_set_tid_address OK
+compat_sys_timer_create kernel/compat.c REDIR
+compat_sys_timer_settime kernel/compat.c REDIR
+compat_sys_timer_gettime kernel/compat.c REDIR
+sys_timer_getoverrun kernel/posix-timers.c CAP
+sys_timer_delete kernel/posix-timers.c CAP
+compat_sys_clock_settime kernel/compat.c REDIR
+compat_sys_clock_gettime kernel/compat.c REDIR
+compat_sys_clock_getres kernel/compat.c REDIR
+compat_sys_clock_nanosleep kernel/compat.c REDIR
+compat_sys_statfs64 fs/compat.c CAP
+compat_sys_fstatfs64 fs/compat.c CAP
+sys_tgkill kernel/signal.c CAP
+compat_sys_utimes fs/compat.c REDIR
+sys32_fadvise64_64 arch/x86_64/ia32/sys_ia32.c REDIR
+quiet_ni_syscall ---
+sys_mbind mm/mempolicy.c CAP
+compat_sys_get_mempolicy mm/mempolicy.c REDIR
+sys_set_mempolicy mm/mempolicy.c CAP
+compat_sys_mq_open ipc/compat_mq.c REDIR
+sys_mq_unlink ipc/mqueue.c CAP
+compat_sys_mq_timedsend ipc/compat_mq.c REDIR
+compat_sys_mq_timedreceive ipc/compat_mq.c REDIR
+compat_sys_mq_notify ipc/compat_mq.c REDIR
+compat_sys_mq_getsetattr ipc/compat_mq.c REDIR
+compat_sys_kexec_load kernel/kexec.c REDIR
+compat_sys_waitid kernel/compat.c REDIR
+quiet_ni_syscall ---
+sys_add_key security/keys/keyctl.c CAP
+sys_request_key security/keys/keyctl.c CAP
+sys_keyctl security/keys/keyctl.c CAP
+sys_ioprio_set fs/ioprio.c CAP
+sys_ioprio_get fs/ioprio.c CAP
+sys_inotify_init fs/inotify_user.c CAP
+sys_inotify_add_watch fs/inotify_user.c CAP
+sys_inotify_rm_watch fs/inotify_user.c CAP
+sys_migrate_pages mm/mempolicy.c CAP
+compat_sys_openat fs/compat.c CAP
+sys_mkdirat fs/namei.c CAP
+sys_mknodat fs/namei.c CAP
+sys_fchownat fs/open.c CAP
+compat_sys_futimesat fs/compat.c CAP
+sys32_fstatat arch/x86_64/ia32/sys_ia32.c CAP
+sys_unlinkat fs/namei.c CAP
+sys_renameat fs/namei.c CAP
+sys_linkat fs/namei.c CAP
+sys_symlinkat fs/namei.c CAP
+sys_readlinkat fs/stat.c CAP
+sys_fchmodat fs/open.c CAP
+sys_faccessat fs/open.c CAP
+compat_sys_pselect6 OK
+compat_sys_ppoll OK
+sys_unshare kernel/fork.c CAP
+compat_sys_set_robust_list OK +compat_sys_get_robust_list OK +sys_splice fs/splice.c CAP +sys32_sync_file_range arch/x86_64/ia32/sys_ia32.c REDIR +sys_tee fs/splice.c CAP +compat_sys_vmsplice fs/compat.c REDIR +compat_sys_move_pages kernel/compat.c REDIR +sys_getcpu kernel/sys.c CAP +sys_epoll_pwait fs/eventpoll.c CAP +compat_sys_utimensat fs/compat.c CAP +compat_sys_signalfd fs/compat.c REDIR +compat_sys_timerfd fs/compat.c REDIR +sys_eventfd fs/eventfd.c CAP + +=== END OF SYSCALL TABLE === +*) The line number corresponds to syscall number + +Syscall 0: +sys_restart_syscall kernel/signal.c OK + +syscall table is in arch/x86_64/ia32/ia32entry.S diff -ruNp linux-2.6.22.10/arch/x86_64/ia32/ia32_aout.c linux-2.6.22.10-cher1/arch/x86_64/ia32/ia32_aout.c --- linux-2.6.22.10/arch/x86_64/ia32/ia32_aout.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/ia32/ia32_aout.c 2007-10-21 02:05:19.000000000 +0400 @@ -285,8 +285,12 @@ static int load_aout_binary(struct linux rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; if (rlim >= RLIM_INFINITY) rlim = ~0; - if (ex.a_data + ex.a_bss > rlim) + if (ex.a_data + ex.a_bss > rlim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + } return -ENOMEM; + } /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); @@ -526,3 +530,9 @@ static void __exit exit_aout_binfmt(void module_init(init_aout_binfmt); module_exit(exit_aout_binfmt); MODULE_LICENSE("GPL"); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/arch/x86_64/ia32/ia32_signal.c linux-2.6.22.10-cher1/arch/x86_64/ia32/ia32_signal.c --- linux-2.6.22.10/arch/x86_64/ia32/ia32_signal.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/ia32/ia32_signal.c 2007-10-21 02:05:19.000000000 +0400 
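Review bot: `SBOX_WAS_MEMLIMIT` is raised only when an a.out image's static `ex.a_data + ex.a_bss` exceeds RLIMIT_DATA at load time; the identical hook is repeated in fs/binfmt_aout.c and fs/binfmt_flat.c later in this patch, but no reader of the flag, no equivalent in the ELF loader, and no hook in the runtime growth paths where RLIMIT_DATA is normally enforced (brk/mmap) are visible in this chunk, so if those live elsewhere the commit message should say so, and if not, whoever consumes this bit will only learn about limit rejections for a.out/flat binaries. The nested `if` with braces around one statement and the doubled parentheses could be reduced to `if (current->sbox_flags & SBOX_MEMLIMITON) current->sbox_flags |= SBOX_WAS_MEMLIMIT;` to match the surrounding style. A short comment such as `/* record that the RLIMIT_DATA check, not an allocation failure, produced this -ENOMEM */` would explain why -ENOMEM is being tagged here. load_aout_binary begins and ends outside the hunk.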
@@ -115,6 +115,9 @@ int copy_siginfo_from_user32(siginfo_t * asmlinkage long sys32_sigsuspend(int history0, int history1, old_sigset_t mask) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + mask &= _BLOCKABLE; spin_lock_irq(¤t->sighand->siglock); current->saved_sigmask = current->blocked; @@ -136,6 +139,10 @@ sys32_sigaltstack(const stack_ia32_t __u stack_t uss,uoss; int ret; mm_segment_t seg; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (uss_ptr) { u32 ptr; memset(&uss,0,sizeof(stack_t)); diff -ruNp linux-2.6.22.10/arch/x86_64/ia32/ipc32.c linux-2.6.22.10-cher1/arch/x86_64/ia32/ipc32.c --- linux-2.6.22.10/arch/x86_64/ia32/ipc32.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/ia32/ipc32.c 2007-10-21 02:05:19.000000000 +0400 @@ -17,6 +17,9 @@ sys32_ipc(u32 call, int first, int secon { int version; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + version = call >> 16; /* hack for backward compatibility */ call &= 0xffff; diff -ruNp linux-2.6.22.10/arch/x86_64/ia32/ptrace32.c linux-2.6.22.10-cher1/arch/x86_64/ia32/ptrace32.c --- linux-2.6.22.10/arch/x86_64/ia32/ptrace32.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/ia32/ptrace32.c 2007-10-21 02:05:19.000000000 +0400 @@ -235,6 +235,18 @@ asmlinkage long sys32_ptrace(long reques int ret; __u32 val; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + if (request == PTRACE_MEMLIMIT) { + current->sbox_flags |= SBOX_MEMLIMITON; + return 0; + } + if (request == PTRACE_NO_SYSCALLS) { + current->sbox_flags |= SBOX_NO_SYSCALLS; + return 0; + } + switch (request) { case PTRACE_TRACEME: case PTRACE_ATTACH: diff -ruNp linux-2.6.22.10/arch/x86_64/ia32/sys_ia32.c linux-2.6.22.10-cher1/arch/x86_64/ia32/sys_ia32.c --- linux-2.6.22.10/arch/x86_64/ia32/sys_ia32.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/ia32/sys_ia32.c 2007-10-21 02:05:19.000000000 +0400 
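Review bot: The three-line `if ((current->sbox_flags & SBOX_NO_SYSCALLS)) return -EPERM;` guard added to sys32_sigsuspend is hand-copied into every syscall entry this patch touches (ipc32.c, ptrace32.c, sys_ia32.c, ioport.c, ldt.c, sys_x86_64.c, fs/aio.c, fs/compat.c, fs/namei.c, fs/open.c and the rest), which makes the policy exactly as complete as the list of functions someone remembered to edit; the SYSCALLS table in the same patch marks many entries REDIR with no hunk of their own in this chunk, so I cannot verify those funnel into a checked entry. A single test at the syscall dispatch boundary (the ia32 entry path the table itself points at, `arch/x86_64/ia32/ia32entry.S`, or the syscall-trace hook) keyed off a per-syscall deny bit would enforce the policy in one auditable place and could not be bypassed by an un-patched entry. Short of that, factor the test into a helper next to the `sbox_flags` declaration, for example `static inline int sbox_syscalls_denied(void) { return current->sbox_flags & SBOX_NO_SYSCALLS; }`, so each site reads `if (sbox_syscalls_denied()) return -EPERM;` and the doubled parentheses disappear. Where `sbox_flags` and the `SBOX_*` bits are declared is not visible in this chunk (the `#include` lines added in fs/dcookies.c, fs/filesystems.c and fs/nfsctl.c have their header name stripped on this page), so the commit message should name that header. sys32_sigsuspend continues outside the hunk.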
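Review bot: `PTRACE_MEMLIMIT` and `PTRACE_NO_SYSCALLS` operate on `current` and ignore `pid`, `addr` and `data`, so unlike every other ptrace request they are self-applied, irrevocable latches, and because the `SBOX_NO_SYSCALLS` early return precedes the request dispatch a task that has already set it can no longer request `PTRACE_MEMLIMIT`; both facts belong in a comment above the new requests, e.g. `/* Self-applied sandbox latches; pid/addr/data are ignored and the bits cannot be cleared. Request MEMLIMIT before NO_SYSCALLS. */`. The `|=` here runs without `task_lock(current)`, whereas the sys32_execve and sys_execve hunks update the same field under `task_lock`; the lockless form is fine if sbox_flags is only ever written by the owning task, but pick one convention and state that invariant where the field is declared. Since dup_task_struct() copies the parent's task_struct wholesale, the bits are presumably inherited across fork/clone unless something not shown clears them, and none of the hunks in this chunk gate clone/fork (the table marks stub32_vfork REDIR), so a one-line comment confirming that inheritance is relied on would help the next reviewer. sys32_ptrace continues outside the hunk.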
@@ -158,7 +158,12 @@ asmlinkage long sys32_stat64(char __user * filename, struct stat64 __user *statbuf) { struct kstat stat; - int ret = vfs_stat(filename, &stat); + int ret; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ret = vfs_stat(filename, &stat); if (!ret) ret = cp_stat64(statbuf, &stat); return ret; @@ -168,7 +173,12 @@ asmlinkage long sys32_lstat64(char __user * filename, struct stat64 __user *statbuf) { struct kstat stat; - int ret = vfs_lstat(filename, &stat); + int ret; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ret = vfs_lstat(filename, &stat); if (!ret) ret = cp_stat64(statbuf, &stat); return ret; @@ -178,7 +188,12 @@ asmlinkage long sys32_fstat64(unsigned int fd, struct stat64 __user *statbuf) { struct kstat stat; - int ret = vfs_fstat(fd, &stat); + int ret; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ret = vfs_fstat(fd, &stat); if (!ret) ret = cp_stat64(statbuf, &stat); return ret; @@ -191,6 +206,9 @@ sys32_fstatat(unsigned int dfd, char __u struct kstat stat; int error = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; @@ -264,6 +282,9 @@ sys32_pipe(int __user *fd) int retval; int fds[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = do_pipe(fds); if (retval) goto out; @@ -472,6 +493,9 @@ sys32_settimeofday(struct compat_timeval struct timespec kts; struct timezone ktz; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (tv) { if (get_tv32(&ktv, tv)) return -EFAULT; @@ -609,6 +633,9 @@ sys32_sysctl(struct sysctl_ia32 __user * int __user *namep; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (copy_from_user(&a32, args32, sizeof (a32))) return -EFAULT; 
@@ -795,6 +822,9 @@ asmlinkage long sys32_execve(char __user long error; char * filename; + if ((current->sbox_flags & SBOX_NO_EXEC)) + return -EPERM; + filename = getname(name); error = PTR_ERR(filename); if (IS_ERR(filename)) @@ -803,6 +833,8 @@ asmlinkage long sys32_execve(char __user if (error == 0) { task_lock(current); current->ptrace &= ~PT_DTRACE; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + current->sbox_flags |= SBOX_NO_EXEC; task_unlock(current); } putname(filename); @@ -846,6 +878,10 @@ long sys32_vm86_warning(void) { struct task_struct *me = current; static char lastcomm[sizeof(me->comm)]; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) { compat_printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n", me->comm); diff -ruNp linux-2.6.22.10/arch/x86_64/kernel/ioport.c linux-2.6.22.10-cher1/arch/x86_64/kernel/ioport.c --- linux-2.6.22.10/arch/x86_64/kernel/ioport.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/kernel/ioport.c 2007-10-21 02:05:19.000000000 +0400 @@ -39,6 +39,9 @@ asmlinkage long sys_ioperm(unsigned long struct tss_struct * tss; unsigned long *bitmap; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) return -EINVAL; if (turn_on && !capable(CAP_SYS_RAWIO)) @@ -107,6 +110,9 @@ asmlinkage long sys_iopl(unsigned int le { unsigned int old = (regs->eflags >> 12) & 3; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (level > 3) return -EINVAL; /* Trying to gain more privileges? */ diff -ruNp linux-2.6.22.10/arch/x86_64/kernel/ldt.c linux-2.6.22.10-cher1/arch/x86_64/kernel/ldt.c --- linux-2.6.22.10/arch/x86_64/kernel/ldt.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/kernel/ldt.c 2007-10-21 02:05:19.000000000 +0400 
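Review bot: Taken together the two sys32_execve hunks implement a one-shot exec: a task carrying `SBOX_NO_SYSCALLS` may still exec exactly once, and the success path latches `SBOX_NO_EXEC` under task_lock; the same pair is repeated in sys_execve in arch/x86_64/kernel/process.c. Nothing in the code says this, so a comment above the `SBOX_NO_EXEC` test such as `/* NO_SYSCALLS tasks get a single successful execve (the sandboxed image); NO_EXEC is latched afterwards to block any further exec */` would keep a later maintainer from "fixing" the apparent asymmetry between the bit tested and the bit set. A failed execve (error != 0) leaves both bits untouched, so the one permitted exec can be retried until it succeeds; that looks intended but should be stated too. sys32_execve begins before the first hunk and ends after the second.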
@@ -234,6 +234,9 @@ asmlinkage int sys_modify_ldt(int func, { int ret = -ENOSYS; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (func) { case 0: ret = read_ldt(ptr, bytecount); diff -ruNp linux-2.6.22.10/arch/x86_64/kernel/process.c linux-2.6.22.10-cher1/arch/x86_64/kernel/process.c --- linux-2.6.22.10/arch/x86_64/kernel/process.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/kernel/process.c 2007-10-21 02:05:19.000000000 +0400 @@ -683,6 +683,9 @@ long sys_execve(char __user *name, char long error; char * filename; + if ((current->sbox_flags & SBOX_NO_EXEC)) + return -EPERM; + filename = getname(name); error = PTR_ERR(filename); if (IS_ERR(filename)) @@ -691,6 +694,8 @@ long sys_execve(char __user *name, char if (error == 0) { task_lock(current); current->ptrace &= ~PT_DTRACE; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + current->sbox_flags |= SBOX_NO_EXEC; task_unlock(current); } putname(filename); diff -ruNp linux-2.6.22.10/arch/x86_64/kernel/sys_x86_64.c linux-2.6.22.10-cher1/arch/x86_64/kernel/sys_x86_64.c --- linux-2.6.22.10/arch/x86_64/kernel/sys_x86_64.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/arch/x86_64/kernel/sys_x86_64.c 2007-10-21 02:05:19.000000000 +0400 @@ -28,6 +28,9 @@ asmlinkage long sys_pipe(int __user *fil int fd[2]; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = do_pipe(fd); if (!error) { if (copy_to_user(fildes, fd, 2*sizeof(int))) diff -ruNp linux-2.6.22.10/fs/aio.c linux-2.6.22.10-cher1/fs/aio.c --- linux-2.6.22.10/fs/aio.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/aio.c 2007-10-21 02:05:19.000000000 +0400 @@ -1249,6 +1249,9 @@ asmlinkage long sys_io_setup(unsigned nr unsigned long ctx; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = get_user(ctx, ctxp); if (unlikely(ret)) goto out; 
@@ -1283,7 +1286,12 @@ out: */ asmlinkage long sys_io_destroy(aio_context_t ctx) { - struct kioctx *ioctx = lookup_ioctx(ctx); + struct kioctx *ioctx = 0; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ioctx = lookup_ioctx(ctx); if (likely(NULL != ioctx)) { io_destroy(ioctx); return 0; @@ -1634,6 +1642,9 @@ asmlinkage long sys_io_submit(aio_contex long ret = 0; int i; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (unlikely(nr < 0)) return -EINVAL; @@ -1711,6 +1722,9 @@ asmlinkage long sys_io_cancel(aio_contex u32 key; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = get_user(key, &iocb->aio_key); if (unlikely(ret)) return -EFAULT; @@ -1770,9 +1784,13 @@ asmlinkage long sys_io_getevents(aio_con struct io_event __user *events, struct timespec __user *timeout) { - struct kioctx *ioctx = lookup_ioctx(ctx_id); + struct kioctx *ioctx = 0; long ret = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + ioctx = lookup_ioctx(ctx_id); if (likely(ioctx)) { if (likely(min_nr <= nr && min_nr >= 0 && nr >= 0)) ret = read_events(ioctx, min_nr, nr, events, timeout); @@ -1787,3 +1805,9 @@ __initcall(aio_setup); EXPORT_SYMBOL(aio_complete); EXPORT_SYMBOL(aio_put_req); EXPORT_SYMBOL(wait_on_sync_kiocb); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/binfmt_aout.c linux-2.6.22.10-cher1/fs/binfmt_aout.c --- linux-2.6.22.10/fs/binfmt_aout.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/binfmt_aout.c 2007-10-21 02:05:19.000000000 +0400 
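Review bot: `struct kioctx *ioctx = 0;` initializes a pointer with an integer literal only to overwrite it right after the guard, while the next line in the same function compares against `NULL`; either write `struct kioctx *ioctx = NULL;` or, since the value is never read before the assignment, keep the bare declaration `struct kioctx *ioctx;`. The same `= 0` pointer initializer appears in the sys_io_getevents hunk below, in sys_getcwd (fs/dcache.c, `char *page = 0;`) and in sys_dup (fs/fcntl.c, `struct file * file = 0;`). sys_io_destroy continues outside the hunk.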
@@ -294,8 +294,12 @@ static int load_aout_binary(struct linux rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; if (rlim >= RLIM_INFINITY) rlim = ~0; - if (ex.a_data + ex.a_bss > rlim) + if (ex.a_data + ex.a_bss > rlim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + } return -ENOMEM; + } /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); @@ -560,3 +564,9 @@ static void __exit exit_aout_binfmt(void core_initcall(init_aout_binfmt); module_exit(exit_aout_binfmt); MODULE_LICENSE("GPL"); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/binfmt_flat.c linux-2.6.22.10-cher1/fs/binfmt_flat.c --- linux-2.6.22.10/fs/binfmt_flat.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/binfmt_flat.c 2007-10-21 02:05:19.000000000 +0400 @@ -496,6 +496,9 @@ static int load_flat_file(struct linux_b if (rlim >= RLIM_INFINITY) rlim = ~0; if (data_len + bss_len > rlim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + } ret = -ENOMEM; goto err; } @@ -938,3 +941,9 @@ core_initcall(init_flat_binfmt); module_exit(exit_flat_binfmt); /****************************************************************************/ + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/buffer.c linux-2.6.22.10-cher1/fs/buffer.c --- linux-2.6.22.10/fs/buffer.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/buffer.c 2007-10-21 02:05:19.000000000 +0400 @@ -2848,6 +2848,9 @@ asmlinkage long sys_bdflush(int func, lo { static int msg_count; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; diff -ruNp linux-2.6.22.10/fs/compat.c linux-2.6.22.10-cher1/fs/compat.c --- linux-2.6.22.10/fs/compat.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/compat.c 2007-10-21 02:05:19.000000000 +0400 
@@ -80,6 +80,9 @@ asmlinkage long compat_sys_utime(char __ { struct timespec tv[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (t) { if (get_user(tv[0].tv_sec, &t->actime) || get_user(tv[1].tv_sec, &t->modtime)) @@ -94,6 +97,9 @@ asmlinkage long compat_sys_utimensat(uns { struct timespec tv[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (t) { if (get_compat_timespec(&tv[0], &t[0]) || get_compat_timespec(&tv[1], &t[1])) @@ -116,6 +122,9 @@ asmlinkage long compat_sys_futimesat(uns { struct timespec tv[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (t) { if (get_user(tv[0].tv_sec, &t[0].tv_sec) || get_user(tv[0].tv_nsec, &t[0].tv_usec) || @@ -140,8 +149,12 @@ asmlinkage long compat_sys_newstat(char struct compat_stat __user *statbuf) { struct kstat stat; - int error = vfs_stat_fd(AT_FDCWD, filename, &stat); + int error = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_stat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); return error; @@ -151,8 +164,12 @@ asmlinkage long compat_sys_newlstat(char struct compat_stat __user *statbuf) { struct kstat stat; - int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); + int error = 0; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_lstat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); return error; @@ -185,8 +202,12 @@ asmlinkage long compat_sys_newfstat(unsi struct compat_stat __user * statbuf) { struct kstat stat; - int error = vfs_fstat(fd, &stat); + int error = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_fstat(fd, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); return error; 
@@ -238,6 +259,9 @@ asmlinkage long compat_sys_statfs(const struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (!error) { struct kstatfs tmp; @@ -255,6 +279,9 @@ asmlinkage long compat_sys_fstatfs(unsig struct kstatfs tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) @@ -303,6 +330,9 @@ asmlinkage long compat_sys_statfs64(cons struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sz != sizeof(*buf)) return -EINVAL; @@ -323,6 +353,9 @@ asmlinkage long compat_sys_fstatfs64(uns struct kstatfs tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sz != sizeof(*buf)) return -EINVAL; @@ -397,6 +430,9 @@ asmlinkage long compat_sys_fcntl64(unsig struct flock f; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (cmd) { case F_GETLK: case F_SETLK: @@ -462,6 +498,9 @@ asmlinkage long compat_sys_fcntl64(unsig asmlinkage long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((cmd == F_GETLK64) || (cmd == F_SETLK64) || (cmd == F_SETLKW64)) return -EINVAL; return compat_sys_fcntl64(fd, cmd, arg); @@ -723,6 +762,9 @@ asmlinkage long compat_sys_mount(char __ char *dir_page; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = copy_mount_options (type, &type_page); if (retval < 0) goto out; @@ -821,6 +863,9 @@ asmlinkage long compat_sys_old_readdir(u struct file *file; struct compat_readdir_callback buf; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) 
@@ -900,6 +945,9 @@ asmlinkage long compat_sys_getdents(unsi struct compat_getdents_callback buf; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; @@ -991,6 +1039,9 @@ asmlinkage long compat_sys_getdents64(un struct compat_getdents_callback64 buf; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; @@ -1220,6 +1271,9 @@ compat_sys_open(const char __user *filen asmlinkage long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_sys_open(dfd, filename, flags, mode); } @@ -2041,6 +2095,9 @@ asmlinkage long compat_sys_nfsservctl(in mm_segment_t oldfs; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + karg = kmalloc(sizeof(*karg), GFP_USER); kres = kmalloc(sizeof(*kres), GFP_USER); if(!karg || !kres) { diff -ruNp linux-2.6.22.10/fs/compat_ioctl.c linux-2.6.22.10-cher1/fs/compat_ioctl.c --- linux-2.6.22.10/fs/compat_ioctl.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/compat_ioctl.c 2007-10-21 02:05:19.000000000 +0400 @@ -3536,6 +3536,9 @@ asmlinkage long compat_sys_ioctl(unsigne struct ioctl_trans *t; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget_light(fd, &fput_needed); if (!filp) goto out; diff -ruNp linux-2.6.22.10/fs/dcache.c linux-2.6.22.10-cher1/fs/dcache.c --- linux-2.6.22.10/fs/dcache.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/dcache.c 2007-10-21 02:05:19.000000000 +0400 
@@ -1918,8 +1918,12 @@ asmlinkage long sys_getcwd(char __user * int error; struct vfsmount *pwdmnt, *rootmnt; struct dentry *pwd, *root; - char *page = (char *) __get_free_page(GFP_USER); + char *page = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + page = (char *) __get_free_page(GFP_USER); if (!page) return -ENOMEM; diff -ruNp linux-2.6.22.10/fs/dcookies.c linux-2.6.22.10-cher1/fs/dcookies.c --- linux-2.6.22.10/fs/dcookies.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/dcookies.c 2007-10-21 02:05:19.000000000 +0400 @@ -23,6 +23,7 @@ #include #include #include +#include #include /* The dcookies are allocated from a kmem_cache and @@ -151,6 +152,9 @@ asmlinkage long sys_lookup_dcookie(u64 c size_t pathlen; struct dcookie_struct * dcs; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* we could leak path information to users * without dir read permission without this */ diff -ruNp linux-2.6.22.10/fs/eventfd.c linux-2.6.22.10-cher1/fs/eventfd.c --- linux-2.6.22.10/fs/eventfd.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/eventfd.c 2007-10-21 02:05:19.000000000 +0400 @@ -204,6 +204,9 @@ asmlinkage long sys_eventfd(unsigned int struct file *file; struct inode *inode; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); if (!ctx) return -ENOMEM; diff -ruNp linux-2.6.22.10/fs/eventpoll.c linux-2.6.22.10-cher1/fs/eventpoll.c --- linux-2.6.22.10/fs/eventpoll.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/eventpoll.c 2007-10-21 02:05:19.000000000 +0400 @@ -1078,6 +1078,9 @@ asmlinkage long sys_epoll_create(int siz struct inode *inode; struct file *file; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d)\n", current, size)); 
@@ -1125,6 +1128,9 @@ asmlinkage long sys_epoll_ctl(int epfd, struct epitem *epi; struct epoll_event epds; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_ctl(%d, %d, %d, %p)\n", current, epfd, op, fd, event)); @@ -1221,6 +1227,9 @@ asmlinkage long sys_epoll_wait(int epfd, struct file *file; struct eventpoll *ep; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_wait(%d, %p, %d, %d)\n", current, epfd, events, maxevents, timeout)); @@ -1279,6 +1288,9 @@ asmlinkage long sys_epoll_pwait(int epfd int error; sigset_t ksigmask, sigsaved; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* * If the caller wants a certain signal mask to be set during the wait, * we apply it here. @@ -1335,3 +1347,8 @@ static int __init eventpoll_init(void) } fs_initcall(eventpoll_init); +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/exec.c linux-2.6.22.10-cher1/fs/exec.c --- linux-2.6.22.10/fs/exec.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/exec.c 2007-10-21 02:05:19.000000000 +0400 @@ -130,6 +130,9 @@ asmlinkage long sys_uselib(const char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = __user_path_lookup_open(library, LOOKUP_FOLLOW, &nd, FMODE_READ|FMODE_EXEC); if (error) goto out; diff -ruNp linux-2.6.22.10/fs/fcntl.c linux-2.6.22.10-cher1/fs/fcntl.c --- linux-2.6.22.10/fs/fcntl.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/fcntl.c 2007-10-21 02:05:19.000000000 +0400 @@ -140,6 +140,9 @@ asmlinkage long sys_dup2(unsigned int ol struct files_struct * files = current->files; struct fdtable *fdt; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + spin_lock(&files->file_lock); if (!(file = fcheck(oldfd))) goto out_unlock; 
@@ -192,8 +195,12 @@ out_fput: asmlinkage long sys_dup(unsigned int fildes) { int ret = -EBADF; - struct file * file = fget(fildes); + struct file * file = 0; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + file = fget(fildes); if (file) ret = dupfd(file, 0); return ret; @@ -387,6 +394,9 @@ asmlinkage long sys_fcntl(unsigned int f struct file *filp; long err = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget(fd); if (!filp) goto out; @@ -410,6 +420,9 @@ asmlinkage long sys_fcntl64(unsigned int struct file * filp; long err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = -EBADF; filp = fget(fd); if (!filp) @@ -643,3 +656,9 @@ static int __init fasync_init(void) } module_init(fasync_init) + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/filesystems.c linux-2.6.22.10-cher1/fs/filesystems.c --- linux-2.6.22.10/fs/filesystems.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/filesystems.c 2007-10-21 02:05:19.000000000 +0400 @@ -12,6 +12,7 @@ #include #include #include +#include #include /* @@ -181,6 +182,9 @@ asmlinkage long sys_sysfs(int option, un { int retval = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (option) { case 1: retval = fs_index((const char __user *) arg1); diff -ruNp linux-2.6.22.10/fs/inotify_user.c linux-2.6.22.10-cher1/fs/inotify_user.c --- linux-2.6.22.10/fs/inotify_user.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/inotify_user.c 2007-10-21 02:05:19.000000000 +0400 @@ -547,6 +547,9 @@ asmlinkage long sys_inotify_init(void) struct file *filp; int fd, ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + fd = get_unused_fd(); if (fd < 0) return fd; 
@@ -619,6 +622,9 @@ asmlinkage long sys_inotify_add_watch(in int ret, fput_needed; unsigned flags = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget_light(fd, &fput_needed); if (unlikely(!filp)) return -EBADF; @@ -660,6 +666,9 @@ asmlinkage long sys_inotify_rm_watch(int struct inotify_device *dev; int ret, fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget_light(fd, &fput_needed); if (unlikely(!filp)) return -EBADF; diff -ruNp linux-2.6.22.10/fs/ioctl.c linux-2.6.22.10-cher1/fs/ioctl.c --- linux-2.6.22.10/fs/ioctl.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/ioctl.c 2007-10-21 02:05:19.000000000 +0400 @@ -168,6 +168,9 @@ asmlinkage long sys_ioctl(unsigned int f int error = -EBADF; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + filp = fget_light(fd, &fput_needed); if (!filp) goto out; @@ -190,3 +193,9 @@ asmlinkage long sys_ioctl(unsigned int f #ifdef CONFIG_COMPAT EXPORT_SYMBOL(sys_ioctl); #endif + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/ioprio.c linux-2.6.22.10-cher1/fs/ioprio.c --- linux-2.6.22.10/fs/ioprio.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/ioprio.c 2007-10-21 02:05:19.000000000 +0400 @@ -63,6 +63,9 @@ asmlinkage long sys_ioprio_set(int which struct pid *pgrp; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + switch (class) { case IOPRIO_CLASS_RT: if (!capable(CAP_SYS_ADMIN)) @@ -174,6 +177,9 @@ asmlinkage long sys_ioprio_get(int which int ret = -ESRCH; int tmpio; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + read_lock(&tasklist_lock); switch (which) { case IOPRIO_WHO_PROCESS: diff -ruNp linux-2.6.22.10/fs/locks.c linux-2.6.22.10-cher1/fs/locks.c --- linux-2.6.22.10/fs/locks.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/locks.c 2007-10-21 02:05:19.000000000 +0400 
@@ -1556,6 +1556,9 @@ asmlinkage long sys_flock(unsigned int f int can_sleep, unlock; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; filp = fget(fd); if (!filp) diff -ruNp linux-2.6.22.10/fs/namei.c linux-2.6.22.10-cher1/fs/namei.c --- linux-2.6.22.10/fs/namei.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/namei.c 2007-10-21 02:05:19.000000000 +0400 @@ -1886,6 +1886,9 @@ asmlinkage long sys_mknodat(int dfd, con struct dentry * dentry; struct nameidata nd; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (S_ISDIR(mode)) return -EPERM; tmp = getname(filename); @@ -1962,6 +1965,9 @@ asmlinkage long sys_mkdirat(int dfd, con struct dentry *dentry; struct nameidata nd; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + tmp = getname(pathname); error = PTR_ERR(tmp); if (IS_ERR(tmp)) @@ -2097,6 +2103,9 @@ exit: asmlinkage long sys_rmdir(const char __user *pathname) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_rmdir(AT_FDCWD, pathname); } @@ -2185,6 +2194,9 @@ slashes: asmlinkage long sys_unlinkat(int dfd, const char __user *pathname, int flag) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_REMOVEDIR) != 0) return -EINVAL; @@ -2196,6 +2208,9 @@ asmlinkage long sys_unlinkat(int dfd, co asmlinkage long sys_unlink(const char __user *pathname) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_unlinkat(AT_FDCWD, pathname); } @@ -2229,6 +2244,9 @@ asmlinkage long sys_symlinkat(const char struct dentry *dentry; struct nameidata nd; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + from = getname(oldname); if(IS_ERR(from)) return PTR_ERR(from); @@ -2318,6 +2336,9 @@ asmlinkage long sys_linkat(int olddfd, c int error; char * to; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flags & ~AT_SYMLINK_FOLLOW) != 0) return -EINVAL; 
@@ -2589,6 +2610,9 @@ asmlinkage long sys_renameat(int olddfd, char * from; char * to; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + from = getname(oldname); if(IS_ERR(from)) return PTR_ERR(from); @@ -2793,3 +2817,9 @@ EXPORT_SYMBOL(vfs_symlink); EXPORT_SYMBOL(vfs_unlink); EXPORT_SYMBOL(dentry_unhash); EXPORT_SYMBOL(generic_readlink); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/namespace.c linux-2.6.22.10-cher1/fs/namespace.c --- linux-2.6.22.10/fs/namespace.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/namespace.c 2007-10-21 02:05:19.000000000 +0400 @@ -638,6 +638,9 @@ asmlinkage long sys_umount(char __user * struct nameidata nd; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = __user_walk(name, LOOKUP_FOLLOW, &nd); if (retval) goto out; @@ -1542,6 +1545,9 @@ asmlinkage long sys_mount(char __user * unsigned long dev_page; char *dir_page; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = copy_mount_options(type, &type_page); if (retval < 0) return retval; @@ -1675,6 +1681,9 @@ asmlinkage long sys_pivot_root(const cha struct nameidata new_nd, old_nd, parent_nd, root_parent, user_nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -1868,3 +1877,9 @@ void __put_mnt_ns(struct mnt_namespace * release_mounts(&umount_list); kfree(ns); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/nfsctl.c linux-2.6.22.10-cher1/fs/nfsctl.c --- linux-2.6.22.10/fs/nfsctl.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/nfsctl.c 2007-10-21 02:05:19.000000000 +0400 @@ -14,6 +14,7 @@ #include #include #include +#include #include /* 
@@ -94,6 +95,9 @@ asmlinkage sys_nfsservctl(int cmd, struc int version; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (copy_from_user(&version, &arg->ca_version, sizeof(int))) return -EFAULT; diff -ruNp linux-2.6.22.10/fs/open.c linux-2.6.22.10-cher1/fs/open.c --- linux-2.6.22.10/fs/open.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/open.c 2007-10-21 02:05:19.000000000 +0400 @@ -123,6 +123,9 @@ asmlinkage long sys_statfs(const char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (!error) { struct statfs tmp; @@ -140,6 +143,9 @@ asmlinkage long sys_statfs64(const char struct nameidata nd; long error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sz != sizeof(*buf)) return -EINVAL; error = user_path_walk(path, &nd); @@ -160,6 +166,9 @@ asmlinkage long sys_fstatfs(unsigned int struct statfs tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) @@ -178,6 +187,9 @@ asmlinkage long sys_fstatfs64(unsigned i struct statfs64 tmp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sz != sizeof(*buf)) return -EINVAL; @@ -225,6 +237,9 @@ static long do_sys_truncate(const char _ struct inode * inode; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EINVAL; if (length < 0) /* sorry, but loff_t says... */ goto out; @@ -292,6 +307,9 @@ static long do_sys_ftruncate(unsigned in struct file * file; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EINVAL; if (length < 0) goto out; @@ -364,6 +382,9 @@ asmlinkage long sys_faccessat(int dfd, c kernel_cap_t old_cap; int res; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ return -EINVAL; 
@@ -420,6 +441,9 @@ asmlinkage long sys_chdir(const char __u struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = __user_walk(filename, LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_CHDIR, &nd); if (error) @@ -445,6 +469,9 @@ asmlinkage long sys_fchdir(unsigned int struct vfsmount *mnt; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) @@ -472,6 +499,9 @@ asmlinkage long sys_chroot(const char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); if (error) goto out; @@ -501,6 +531,9 @@ asmlinkage long sys_fchmod(unsigned int int err = -EBADF; struct iattr newattrs; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + file = fget(fd); if (!file) goto out; @@ -538,6 +571,9 @@ asmlinkage long sys_fchmodat(int dfd, co int error; struct iattr newattrs; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW, &nd); if (error) goto out; @@ -610,6 +646,9 @@ asmlinkage long sys_chown(const char __u struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(filename, &nd); if (error) goto out; @@ -626,6 +665,9 @@ asmlinkage long sys_fchownat(int dfd, co int error = -EINVAL; int follow; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; @@ -644,6 +686,9 @@ asmlinkage long sys_lchown(const char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(filename, &nd); if (error) goto out; 
@@ -660,6 +705,9 @@ asmlinkage long sys_fchown(unsigned int int error = -EBADF; struct dentry * dentry; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + file = fget(fd); if (!file) goto out; @@ -958,6 +1006,17 @@ long do_sys_open(int dfd, const char __u char *tmp = getname(filename); int fd = PTR_ERR(tmp); + if (!IS_ERR(tmp) && (current->sbox_flags & SBOX_NO_SYSCALLS)) { + char *s = tmp; + while (s[0] == '.' && s[1] == '/') s += 2; + for (; *s && *s != '/'; s++); + if (*s == '/') { + putname(tmp); + return -EPERM; + } + flags &= ~(O_CREAT | O_EXCL); + } + if (!IS_ERR(tmp)) { fd = get_unused_fd(); if (fd >= 0) { @@ -994,6 +1053,9 @@ asmlinkage long sys_openat(int dfd, cons { long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (force_o_largefile()) flags |= O_LARGEFILE; @@ -1087,6 +1149,9 @@ EXPORT_SYMBOL(sys_close); */ asmlinkage long sys_vhangup(void) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (capable(CAP_SYS_TTY_CONFIG)) { /* XXX: this needs locking */ tty_vhangup(current->signal->tty); @@ -1121,3 +1186,9 @@ int nonseekable_open(struct inode *inode } EXPORT_SYMBOL(nonseekable_open); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/quota.c linux-2.6.22.10-cher1/fs/quota.c --- linux-2.6.22.10/fs/quota.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/quota.c 2007-10-21 02:05:19.000000000 +0400 @@ -367,6 +367,9 @@ asmlinkage long sys_quotactl(unsigned in struct super_block *sb = NULL; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + cmds = cmd >> SUBCMDSHIFT; type = cmd & SUBCMDMASK; diff -ruNp linux-2.6.22.10/fs/read_write.c linux-2.6.22.10-cher1/fs/read_write.c --- linux-2.6.22.10/fs/read_write.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/read_write.c 2007-10-21 02:05:19.000000000 +0400 
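Review bot: The sandbox block added to do_sys_open filters the pathname string, not the file it resolves to: a symlink sitting in the working directory (`open("out")` with `out` pointing outside it) and the name `..` both contain no `/` after the `./` stripping and pass the check, so the task can follow a link out of its directory or obtain a descriptor for the parent directory. If the intent is to confine the task to plain names in its cwd, reject `..` as well and add O_NOFOLLOW (or compare the resolved dentry against cwd); whether the supervisor deliberately places symlinks in that directory is not visible here, so confirm before adding the flag. Silently clearing O_CREAT|O_EXCL also turns a create into a confusing ENOENT for the caller — either return -EPERM for O_CREAT or document the downgrade on the line. do_sys_open's signature and the rest of its body are outside the hunk.
```c
	if (!IS_ERR(tmp) && (current->sbox_flags & SBOX_NO_SYSCALLS)) {
		char *s = tmp, *base;
		while (s[0] == '.' && s[1] == '/') s += 2;
		base = s;
		for (; *s && *s != '/'; s++);
		/* only a plain name in cwd: no directory components, no ".." */
		if (*s == '/' || (base[0] == '.' && base[1] == '.' && !base[2])) {
			putname(tmp);
			return -EPERM;
		}
		/* no creation, and do not let a symlink in cwd lead outside it */
		flags = (flags & ~(O_CREAT | O_EXCL)) | O_NOFOLLOW;
	}
	/* … unchanged: get_unused_fd / do_filp_open path … */
```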
@@ -133,6 +133,9 @@ asmlinkage off_t sys_lseek(unsigned int struct file * file; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = -EBADF; file = fget_light(fd, &fput_needed); if (!file) @@ -160,6 +163,9 @@ asmlinkage long sys_llseek(unsigned int loff_t offset; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = -EBADF; file = fget_light(fd, &fput_needed); if (!file) @@ -395,6 +401,9 @@ asmlinkage ssize_t sys_pread64(unsigned ssize_t ret = -EBADF; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (pos < 0) return -EINVAL; @@ -416,6 +425,9 @@ asmlinkage ssize_t sys_pwrite64(unsigned ssize_t ret = -EBADF; int fput_needed; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (pos < 0) return -EINVAL; @@ -802,6 +814,9 @@ asmlinkage ssize_t sys_sendfile(int out_ off_t off; ssize_t ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (offset) { if (unlikely(get_user(off, offset))) return -EFAULT; @@ -820,6 +835,9 @@ asmlinkage ssize_t sys_sendfile64(int ou loff_t pos; ssize_t ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (offset) { if (unlikely(copy_from_user(&pos, offset, sizeof(loff_t)))) return -EFAULT; @@ -831,3 +849,9 @@ asmlinkage ssize_t sys_sendfile64(int ou return do_sendfile(out_fd, in_fd, NULL, count, 0); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/readdir.c linux-2.6.22.10-cher1/fs/readdir.c --- linux-2.6.22.10/fs/readdir.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/readdir.c 2007-10-21 02:05:19.000000000 +0400 @@ -103,6 +103,9 @@ asmlinkage long old_readdir(unsigned int struct file * file; struct readdir_callback buf; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget(fd); if (!file) 
@@ -187,6 +190,9 @@ asmlinkage long sys_getdents(unsigned in struct getdents_callback buf; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; @@ -271,6 +277,9 @@ asmlinkage long sys_getdents64(unsigned struct getdents_callback64 buf; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; @@ -303,3 +312,9 @@ out_putf: out: return error; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/signalfd.c linux-2.6.22.10-cher1/fs/signalfd.c --- linux-2.6.22.10/fs/signalfd.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/signalfd.c 2007-10-21 02:05:19.000000000 +0400 @@ -324,6 +324,9 @@ asmlinkage long sys_signalfd(int ufd, si struct inode *inode; struct signalfd_lockctx lk; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sizemask != sizeof(sigset_t) || copy_from_user(&sigmask, user_mask, sizeof(sigmask))) return error = -EINVAL; diff -ruNp linux-2.6.22.10/fs/splice.c linux-2.6.22.10-cher1/fs/splice.c --- linux-2.6.22.10/fs/splice.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/splice.c 2007-10-21 02:05:19.000000000 +0400 @@ -1305,6 +1305,9 @@ asmlinkage long sys_vmsplice(int fd, con long error; int fput; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = -EBADF; file = fget_light(fd, &fput); if (file) { @@ -1325,6 +1328,9 @@ asmlinkage long sys_splice(int fd_in, lo struct file *in, *out; int fput_in, fput_out; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (unlikely(!len)) return 0; 
@@ -1542,6 +1548,9 @@ asmlinkage long sys_tee(int fdin, int fd struct file *in; int error, fput_in; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (unlikely(!len)) return 0; diff -ruNp linux-2.6.22.10/fs/stat.c linux-2.6.22.10-cher1/fs/stat.c --- linux-2.6.22.10/fs/stat.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/stat.c 2007-10-21 02:05:19.000000000 +0400 @@ -155,8 +155,12 @@ static int cp_old_stat(struct kstat *sta asmlinkage long sys_stat(char __user * filename, struct __old_kernel_stat __user * statbuf) { struct kstat stat; - int error = vfs_stat_fd(AT_FDCWD, filename, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_stat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_old_stat(&stat, statbuf); @@ -165,8 +169,12 @@ asmlinkage long sys_stat(char __user * f asmlinkage long sys_lstat(char __user * filename, struct __old_kernel_stat __user * statbuf) { struct kstat stat; - int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); + int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_lstat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_old_stat(&stat, statbuf); @@ -175,8 +183,12 @@ asmlinkage long sys_lstat(char __user * asmlinkage long sys_fstat(unsigned int fd, struct __old_kernel_stat __user * statbuf) { struct kstat stat; - int error = vfs_fstat(fd, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_fstat(fd, &stat); if (!error) error = cp_old_stat(&stat, statbuf); @@ -238,8 +250,12 @@ static int cp_new_stat(struct kstat *sta asmlinkage long sys_newstat(char __user *filename, struct stat __user *statbuf) { struct kstat stat; - int error = vfs_stat_fd(AT_FDCWD, filename, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_stat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_new_stat(&stat, statbuf); 
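Review bot: In sys_lstat the blank line lands after the new `return -EPERM;` rather than before the check (`int error; + if (...) + return -EPERM; + + error = vfs_lstat_fd(...)`), whereas sys_stat and sys_fstat in the same line put the blank between the declarations and the check; sys_newlstat and sys_lstat64 further down repeat the same slip. Move the blank line above the `if` so all the stat variants read alike. Purely cosmetic; behavior is unchanged.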
@@ -249,8 +265,12 @@ asmlinkage long sys_newstat(char __user asmlinkage long sys_newlstat(char __user *filename, struct stat __user *statbuf) { struct kstat stat; - int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); + int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_lstat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_new_stat(&stat, statbuf); @@ -264,6 +284,9 @@ asmlinkage long sys_newfstatat(int dfd, struct kstat stat; int error = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; @@ -283,8 +306,12 @@ out: asmlinkage long sys_newfstat(unsigned int fd, struct stat __user *statbuf) { struct kstat stat; - int error = vfs_fstat(fd, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_fstat(fd, &stat); if (!error) error = cp_new_stat(&stat, statbuf); @@ -297,6 +324,9 @@ asmlinkage long sys_readlinkat(int dfd, struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (bufsiz <= 0) return -EINVAL; @@ -367,8 +397,12 @@ static long cp_new_stat64(struct kstat * asmlinkage long sys_stat64(char __user * filename, struct stat64 __user * statbuf) { struct kstat stat; - int error = vfs_stat(filename, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_stat(filename, &stat); if (!error) error = cp_new_stat64(&stat, statbuf); @@ -377,8 +411,12 @@ asmlinkage long sys_stat64(char __user * asmlinkage long sys_lstat64(char __user * filename, struct stat64 __user * statbuf) { struct kstat stat; - int error = vfs_lstat(filename, &stat); + int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + error = vfs_lstat(filename, &stat); if (!error) error = cp_new_stat64(&stat, statbuf); 
@@ -387,8 +425,12 @@ asmlinkage long sys_lstat64(char __user asmlinkage long sys_fstat64(unsigned long fd, struct stat64 __user * statbuf) { struct kstat stat; - int error = vfs_fstat(fd, &stat); + int error; + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = vfs_fstat(fd, &stat); if (!error) error = cp_new_stat64(&stat, statbuf); @@ -401,6 +443,9 @@ asmlinkage long sys_fstatat64(int dfd, c struct kstat stat; int error = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; @@ -468,3 +513,9 @@ void inode_set_bytes(struct inode *inode } EXPORT_SYMBOL(inode_set_bytes); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/super.c linux-2.6.22.10-cher1/fs/super.c --- linux-2.6.22.10/fs/super.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/super.c 2007-10-21 02:05:19.000000000 +0400 @@ -540,6 +540,9 @@ asmlinkage long sys_ustat(unsigned dev, struct kstatfs sbuf; int err = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + s = user_get_super(new_decode_dev(dev)); if (s == NULL) goto out; @@ -952,3 +955,9 @@ struct vfsmount *kern_mount(struct file_ } EXPORT_SYMBOL(kern_mount); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/sync.c linux-2.6.22.10-cher1/fs/sync.c --- linux-2.6.22.10/fs/sync.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/sync.c 2007-10-21 02:05:19.000000000 +0400 @@ -38,6 +38,9 @@ static void do_sync(unsigned long wait) asmlinkage long sys_sync(void) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + do_sync(1); return 0; } 
@@ -120,11 +123,17 @@ static long __do_fsync(unsigned int fd, asmlinkage long sys_fsync(unsigned int fd) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return __do_fsync(fd, 0); } asmlinkage long sys_fdatasync(unsigned int fd) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return __do_fsync(fd, 1); } @@ -183,6 +192,9 @@ asmlinkage long sys_sync_file_range(int int fput_needed; umode_t i_mode; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = -EINVAL; if (flags & ~VALID_FLAGS) goto out; @@ -282,3 +294,9 @@ out: return ret; } EXPORT_SYMBOL_GPL(do_sync_mapping_range); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/timerfd.c linux-2.6.22.10-cher1/fs/timerfd.c --- linux-2.6.22.10/fs/timerfd.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/timerfd.c 2007-10-21 02:05:19.000000000 +0400 @@ -159,6 +159,9 @@ asmlinkage long sys_timerfd(int ufd, int struct inode *inode; struct itimerspec ktmr; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (copy_from_user(&ktmr, utmr, sizeof(ktmr))) return -EFAULT; diff -ruNp linux-2.6.22.10/fs/utimes.c linux-2.6.22.10-cher1/fs/utimes.c --- linux-2.6.22.10/fs/utimes.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/utimes.c 2007-10-21 02:05:19.000000000 +0400 @@ -26,6 +26,9 @@ asmlinkage long sys_utime(char __user *f { struct timespec tv[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (times) { if (get_user(tv[0].tv_sec, ×->actime) || get_user(tv[1].tv_sec, ×->modtime)) @@ -133,6 +136,9 @@ asmlinkage long sys_utimensat(int dfd, c { struct timespec tstimes[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (utimes) { if (copy_from_user(&tstimes, utimes, sizeof(tstimes))) return -EFAULT; 
@@ -159,6 +165,9 @@ asmlinkage long sys_futimesat(int dfd, c struct timeval times[2]; struct timespec tstimes[2]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (utimes) { if (copy_from_user(×, utimes, sizeof(times))) return -EFAULT; @@ -185,3 +194,9 @@ asmlinkage long sys_utimes(char __user * { return sys_futimesat(AT_FDCWD, filename, utimes); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/fs/xattr.c linux-2.6.22.10-cher1/fs/xattr.c --- linux-2.6.22.10/fs/xattr.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/fs/xattr.c 2007-10-21 02:05:19.000000000 +0400 @@ -233,6 +233,9 @@ sys_setxattr(char __user *path, char __u struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (error) return error; @@ -248,6 +251,9 @@ sys_lsetxattr(char __user *path, char __ struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(path, &nd); if (error) return error; @@ -264,6 +270,9 @@ sys_fsetxattr(int fd, char __user *name, struct dentry *dentry; int error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + f = fget(fd); if (!f) return error; @@ -318,6 +327,9 @@ sys_getxattr(char __user *path, char __u struct nameidata nd; ssize_t error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (error) return error; @@ -333,6 +345,9 @@ sys_lgetxattr(char __user *path, char __ struct nameidata nd; ssize_t error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(path, &nd); if (error) return error; @@ -347,6 +362,9 @@ sys_fgetxattr(int fd, char __user *name, struct file *f; ssize_t error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + f = fget(fd); if (!f) return error; 
@@ -392,6 +410,9 @@ sys_listxattr(char __user *path, char __ struct nameidata nd; ssize_t error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (error) return error; @@ -406,6 +427,9 @@ sys_llistxattr(char __user *path, char _ struct nameidata nd; ssize_t error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(path, &nd); if (error) return error; @@ -420,6 +444,9 @@ sys_flistxattr(int fd, char __user *list struct file *f; ssize_t error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + f = fget(fd); if (!f) return error; @@ -453,6 +480,9 @@ sys_removexattr(char __user *path, char struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk(path, &nd); if (error) return error; @@ -467,6 +497,9 @@ sys_lremovexattr(char __user *path, char struct nameidata nd; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = user_path_walk_link(path, &nd); if (error) return error; @@ -482,6 +515,9 @@ sys_fremovexattr(int fd, char __user *na struct dentry *dentry; int error = -EBADF; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + f = fget(fd); if (!f) return error; @@ -619,3 +655,9 @@ EXPORT_SYMBOL(generic_getxattr); EXPORT_SYMBOL(generic_listxattr); EXPORT_SYMBOL(generic_setxattr); EXPORT_SYMBOL(generic_removexattr); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/include/asm-generic/resource.h linux-2.6.22.10-cher1/include/asm-generic/resource.h --- linux-2.6.22.10/include/asm-generic/resource.h 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/include/asm-generic/resource.h 2007-10-21 02:05:19.000000000 +0400 
@@ -44,8 +44,9 @@ #define RLIMIT_NICE 13 /* max nice prio allowed to raise to 0-39 for nice level 19 .. -20 */ #define RLIMIT_RTPRIO 14 /* maximum realtime priority */ +#define RLIMIT_MCPU 15 /* millisecond cpu limit */ -#define RLIM_NLIMITS 15 +#define RLIM_NLIMITS 16 /* * SuS says limits have to be unsigned. @@ -86,6 +87,7 @@ [RLIMIT_MSGQUEUE] = { MQ_BYTES_MAX, MQ_BYTES_MAX }, \ [RLIMIT_NICE] = { 0, 0 }, \ [RLIMIT_RTPRIO] = { 0, 0 }, \ + [RLIMIT_MCPU] = { RLIM_INFINITY, RLIM_INFINITY }, \ } #endif /* __KERNEL__ */ diff -ruNp linux-2.6.22.10/include/linux/ptrace.h linux-2.6.22.10-cher1/include/linux/ptrace.h --- linux-2.6.22.10/include/linux/ptrace.h 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/include/linux/ptrace.h 2007-10-21 02:05:19.000000000 +0400 @@ -27,6 +27,9 @@ #define PTRACE_GETSIGINFO 0x4202 #define PTRACE_SETSIGINFO 0x4203 +#define PTRACE_MEMLIMIT 0x4280 +#define PTRACE_NO_SYSCALLS 0x4281 + /* options set using PTRACE_SETOPTIONS */ #define PTRACE_O_TRACESYSGOOD 0x00000001 #define PTRACE_O_TRACEFORK 0x00000002 diff -ruNp linux-2.6.22.10/include/linux/sched.h linux-2.6.22.10-cher1/include/linux/sched.h --- linux-2.6.22.10/include/linux/sched.h 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/include/linux/sched.h 2007-10-21 02:05:20.000000000 +0400 @@ -818,6 +818,14 @@ enum sleep_type { struct prio_array; +/* sandbox flags */ +enum { + SBOX_NO_SYSCALLS = 1, /* disable most "dangerous" syscalls */ + SBOX_NO_EXEC = 2, /* disable exec syscall */ + SBOX_MEMLIMITON = 4, /* enable memory limit check */ + SBOX_WAS_MEMLIMIT = 8, /* memory limit happened */ +}; + struct task_struct { volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ void *stack; 
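Review bot: The comment on the new `RLIMIT_MCPU 15 /* millisecond cpu limit */` does not say how it relates to RLIMIT_CPU, which is in seconds and still exists, so a reader of the header cannot tell whether the two are alternatives or are both enforced. Suggest `/* CPU time limit in milliseconds (finer-grained companion of RLIMIT_CPU, which is in seconds) */`; what happens when both are set is decided in kernel/posix-cpu-timers.c and kernel/fork.c, not here, and should be stated there. Bumping RLIM_NLIMITS from 15 to 16 is also a userspace-visible change — the supervisor and libc headers must be rebuilt against the new value to address the new resource.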
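Review bot: The `SBOX_*` enum is added without saying who sets the bits or where they are consulted, and every syscall in this patch open-codes `current->sbox_flags & SBOX_NO_SYSCALLS` (dozens of sites), so any later change to the predicate has to touch all of them. Add a comment such as `/* set on a stopped tracee by the tracer (PTRACE_NO_SYSCALLS / PTRACE_MEMLIMIT, see linux/ptrace.h); read by the task itself at syscall entry */` — the tracer part is inferred from the ptrace.h constants in this diff, confirm against the ptrace code — and a single predicate placed after struct task_struct, `static inline int sbox_no_syscalls(void) { return current->sbox_flags & SBOX_NO_SYSCALLS; }`, for the call sites to use. Whether the bits survive execve and are inherited across fork is not visible in this hunk and should be stated in the same comment.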
@@ -1076,6 +1084,8 @@ struct task_struct { #ifdef CONFIG_FAULT_INJECTION int make_it_fail; #endif + /* sandbox flags */ + int sbox_flags; }; static inline pid_t process_group(struct task_struct *tsk) diff -ruNp linux-2.6.22.10/ipc/mqueue.c linux-2.6.22.10-cher1/ipc/mqueue.c --- linux-2.6.22.10/ipc/mqueue.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/ipc/mqueue.c 2007-10-21 02:05:20.000000000 +0400 @@ -659,6 +659,9 @@ asmlinkage long sys_mq_open(const char _ char *name; int fd, error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = audit_mq_open(oflag, mode, u_attr); if (error != 0) return error; @@ -727,6 +730,9 @@ asmlinkage long sys_mq_unlink(const char struct dentry *dentry; struct inode *inode = NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + name = getname(u_name); if (IS_ERR(name)) return PTR_ERR(name); @@ -823,6 +829,9 @@ asmlinkage long sys_mq_timedsend(mqd_t m long timeout; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout); if (ret != 0) return ret; @@ -910,6 +919,9 @@ asmlinkage ssize_t sys_mq_timedreceive(m struct mqueue_inode_info *info; struct ext_wait_queue wait; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout); if (ret != 0) return ret; @@ -994,6 +1006,9 @@ asmlinkage long sys_mq_notify(mqd_t mqde struct mqueue_inode_info *info; struct sk_buff *nc; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = audit_mq_notify(mqdes, u_notification); if (ret != 0) return ret; @@ -1117,6 +1132,9 @@ asmlinkage long sys_mq_getsetattr(mqd_t struct inode *inode; struct mqueue_inode_info *info; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (u_mqstat != NULL) { if (copy_from_user(&mqstat, u_mqstat, sizeof(struct mq_attr))) return -EFAULT; 
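Review bot: `int sbox_flags;` holds a bitmask (the SBOX_* values are 1, 2, 4, 8) and is never used as a signed quantity, so `unsigned int sbox_flags;` is the better type, and the bare `/* sandbox flags */` should say what the field means: `/* SBOX_* bits; written by the tracer while the task is stopped, read by the task on its own syscall path and by the parent in wait_task_zombie */`. The "written by the tracer" part is inferred from the PTRACE_NO_SYSCALLS/PTRACE_MEMLIMIT constants elsewhere in the patch — the code that writes the field is not in this chunk, so confirm there is no writer that can race with the task's own unlocked reads.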
@@ -1285,3 +1303,9 @@ out_sysctl: } __initcall(init_mqueue_fs); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/ipc/msg.c linux-2.6.22.10-cher1/ipc/msg.c --- linux-2.6.22.10/ipc/msg.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/ipc/msg.c 2007-10-21 02:05:20.000000000 +0400 @@ -260,6 +260,9 @@ asmlinkage long sys_msgget(key_t key, in int id, ret = -EPERM; struct ipc_namespace *ns; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ns = current->nsproxy->ipc_ns; mutex_lock(&msg_ids(ns).mutex); @@ -392,6 +395,9 @@ asmlinkage long sys_msgctl(int msqid, in int err, version; struct ipc_namespace *ns; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (msqid < 0 || cmd < 0) return -EINVAL; @@ -725,6 +731,9 @@ sys_msgsnd(int msqid, struct msgbuf __us { long mtype; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(mtype, &msgp->mtype)) return -EFAULT; return do_msgsnd(msqid, mtype, msgp->mtext, msgsz, msgflg); @@ -910,6 +919,9 @@ asmlinkage long sys_msgrcv(int msqid, st { long err, mtype; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = do_msgrcv(msqid, &mtype, msgp->mtext, msgsz, msgtyp, msgflg); if (err < 0) goto out; diff -ruNp linux-2.6.22.10/ipc/sem.c linux-2.6.22.10-cher1/ipc/sem.c --- linux-2.6.22.10/ipc/sem.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/ipc/sem.c 2007-10-21 02:05:20.000000000 +0400 @@ -263,6 +263,9 @@ asmlinkage long sys_semget (key_t key, i struct sem_array *sma; struct ipc_namespace *ns; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ns = current->nsproxy->ipc_ns; if (nsems < 0 || nsems > ns->sc_semmsl) @@ -926,6 +929,9 @@ asmlinkage long sys_semctl (int semid, i int version; struct ipc_namespace *ns; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (semid < 0) return -EINVAL; 
@@ -1122,6 +1128,9 @@ asmlinkage long sys_semtimedop(int semid unsigned long jiffies_left = 0; struct ipc_namespace *ns; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ns = current->nsproxy->ipc_ns; if (nsops < 1 || semid < 0) diff -ruNp linux-2.6.22.10/ipc/shm.c linux-2.6.22.10-cher1/ipc/shm.c --- linux-2.6.22.10/ipc/shm.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/ipc/shm.c 2007-10-21 02:05:20.000000000 +0400 @@ -423,6 +423,9 @@ asmlinkage long sys_shmget (key_t key, s int err, id = 0; struct ipc_namespace *ns; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ns = current->nsproxy->ipc_ns; mutex_lock(&shm_ids(ns).mutex); @@ -584,6 +587,9 @@ asmlinkage long sys_shmctl (int shmid, i int err, version; struct ipc_namespace *ns; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (cmd < 0 || shmid < 0) { err = -EINVAL; goto out; @@ -987,6 +993,9 @@ asmlinkage long sys_shmat(int shmid, cha unsigned long ret; long err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = do_shmat(shmid, shmaddr, shmflg, &ret); if (err) return err; @@ -1006,6 +1015,9 @@ asmlinkage long sys_shmdt(char __user *s loff_t size = 0; int retval = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (addr & ~PAGE_MASK) return retval; diff -ruNp linux-2.6.22.10/kernel/acct.c linux-2.6.22.10-cher1/kernel/acct.c --- linux-2.6.22.10/kernel/acct.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/acct.c 2007-10-21 02:05:20.000000000 +0400 @@ -253,6 +253,9 @@ asmlinkage long sys_acct(const char __us { int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_PACCT)) return -EPERM; 
@@ -597,3 +600,9 @@ void acct_process(void) do_acct_process(file); fput(file); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/capability.c linux-2.6.22.10-cher1/kernel/capability.c --- linux-2.6.22.10/kernel/capability.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/capability.c 2007-10-21 02:05:20.000000000 +0400 @@ -49,6 +49,9 @@ asmlinkage long sys_capget(cap_user_head struct task_struct *target; struct __user_cap_data_struct data; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(version, &header->version)) return -EFAULT; @@ -178,6 +181,9 @@ asmlinkage long sys_capset(cap_user_head int ret; pid_t pid; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(version, &header->version)) return -EFAULT; diff -ruNp linux-2.6.22.10/kernel/compat.c linux-2.6.22.10-cher1/kernel/compat.c --- linux-2.6.22.10/kernel/compat.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/compat.c 2007-10-21 02:05:20.000000000 +0400 @@ -442,6 +442,9 @@ asmlinkage long compat_sys_sched_setaffi cpumask_t new_mask; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = compat_get_user_cpu_mask(user_mask_ptr, len, &new_mask); if (retval) return retval; @@ -457,6 +460,9 @@ asmlinkage long compat_sys_sched_getaffi unsigned long *k; unsigned int min_length = sizeof(cpumask_t); + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (NR_CPUS <= BITS_PER_COMPAT_LONG) min_length = sizeof(compat_ulong_t); @@ -782,6 +788,9 @@ compat_sys_rt_sigtimedwait (compat_sigse siginfo_t info; long ret, timeout = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (sigsetsize != sizeof(sigset_t)) return -EINVAL; 
@@ -861,6 +870,9 @@ asmlinkage long compat_sys_stime(compat_ struct timespec tv; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(tv.tv_sec, tptr)) return -EFAULT; @@ -909,6 +921,9 @@ asmlinkage long compat_sys_adjtimex(stru struct timex txc; int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + memset(&txc, 0, sizeof(struct timex)); if (!access_ok(VERIFY_READ, utp, sizeof(struct compat_timex)) || @@ -1039,6 +1054,9 @@ compat_sys_sysinfo(struct compat_sysinfo { struct sysinfo s; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + do_sysinfo(&s); /* Check to see if any memory value is too large for 32-bit and scale diff -ruNp linux-2.6.22.10/kernel/exec_domain.c linux-2.6.22.10-cher1/kernel/exec_domain.c --- linux-2.6.22.10/kernel/exec_domain.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/exec_domain.c 2007-10-21 02:05:20.000000000 +0400 @@ -194,6 +194,9 @@ sys_personality(u_long personality) { u_long old = current->personality; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return old; + if (personality != 0xffffffff) { set_personality(personality); if (current->personality != personality) diff -ruNp linux-2.6.22.10/kernel/exit.c linux-2.6.22.10-cher1/kernel/exit.c --- linux-2.6.22.10/kernel/exit.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/exit.c 2007-10-21 02:05:20.000000000 +0400 @@ -1142,7 +1142,7 @@ static int wait_task_zombie(struct task_ { unsigned long state; int retval; - int status; + int status, status2; if (unlikely(noreap)) { pid_t pid = p->pid; 
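Review bot: For a sandboxed task sys_personality returns `old` and silently drops the request, so a caller that sets e.g. ADDR_NO_RANDOMIZE gets the normal success return and believes the change took effect; every other syscall in this patch reports -EPERM instead. Unless the silent no-op is deliberate, refuse only real set requests and keep the query form working: `if ((current->sbox_flags & SBOX_NO_SYSCALLS) && personality != 0xffffffff) return -EPERM;`. If it is deliberate, a one-line comment saying why would stop the next reader from "fixing" it.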
@@ -1242,8 +1242,11 @@ static int wait_task_zombie(struct task_ retval = ru ? getrusage(p, RUSAGE_BOTH, ru) : 0; status = (p->signal->flags & SIGNAL_GROUP_EXIT) ? p->signal->group_exit_code : p->exit_code; + status2 = status; + if ((p->sbox_flags & SBOX_WAS_MEMLIMIT)) + status2 |= 0x10000; if (!retval && stat_addr) - retval = put_user(status, stat_addr); + retval = put_user(status2, stat_addr); if (!retval && infop) retval = put_user(SIGCHLD, &infop->si_signo); if (!retval && infop) @@ -1654,6 +1657,9 @@ asmlinkage long sys_waitid(int which, pi { long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (options & ~(WNOHANG|WNOWAIT|WEXITED|WSTOPPED|WCONTINUED)) return -EINVAL; if (!(options & (WEXITED|WSTOPPED|WCONTINUED))) @@ -1688,6 +1694,9 @@ asmlinkage long sys_wait4(pid_t pid, int { long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (options & ~(WNOHANG|WUNTRACED|WCONTINUED| __WNOTHREAD|__WCLONE|__WALL)) return -EINVAL; @@ -1710,3 +1719,9 @@ asmlinkage long sys_waitpid(pid_t pid, i } #endif + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/fork.c linux-2.6.22.10-cher1/kernel/fork.c --- linux-2.6.22.10/kernel/fork.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/fork.c 2007-10-21 02:06:28.000000000 +0400 @@ -887,7 +887,10 @@ static inline int copy_signal(unsigned l memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim); task_unlock(current->group_leader); - if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) { + if (sig->rlim[RLIMIT_MCPU].rlim_cur != RLIM_INFINITY) { + tsk->it_prof_expires = + msecs_to_cputime(sig->rlim[RLIMIT_MCPU].rlim_cur); + } else if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) { /* * New sole thread in the process gets an expiry time * of the whole CPU time limit. 
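Review bot: `status2 |= 0x10000` stores a bare magic number that the supervisor has to know about too, and it is only delivered through the `stat_addr` path used by wait4/waitpid; the siginfo fields filled for waitid (`si_status`, presumably set after this hunk) do not carry it, so a waitid-based supervisor never learns that the child hit its memory limit. Give the bit a name in a header the supervisor can include, e.g. `#define SBOX_WSTATUS_MEMLIMIT 0x10000` next to the PTRACE_* constants, and use it here as `status2 |= SBOX_WSTATUS_MEMLIMIT;`. Bits above 0xffff are ignored by the usual WIFEXITED/WEXITSTATUS macros, so existing callers should be unaffected; record that assumption in a comment on the line. wait_task_zombie begins before the hunk.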
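Review bot: The new `if` makes RLIMIT_MCPU take precedence in copy_signal: when both RLIMIT_MCPU and RLIMIT_CPU are set and RLIMIT_CPU is the tighter one, `it_prof_expires` is armed at the looser millisecond value and the `else if` branch that would have used RLIMIT_CPU is skipped, so the first expiry check for the new sole thread comes late. Arm the expiry at the smaller of the two; the sketch below assumes the untouched `else if` branch still converts RLIMIT_CPU with secs_to_cputime as upstream does. The rest of copy_signal is outside the hunk.
```c
	if (sig->rlim[RLIMIT_MCPU].rlim_cur != RLIM_INFINITY) {
		tsk->it_prof_expires =
			msecs_to_cputime(sig->rlim[RLIMIT_MCPU].rlim_cur);
		/* honour a tighter RLIMIT_CPU when both limits are set */
		if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY &&
		    cputime_lt(secs_to_cputime(sig->rlim[RLIMIT_CPU].rlim_cur),
			       tsk->it_prof_expires))
			tsk->it_prof_expires =
				secs_to_cputime(sig->rlim[RLIMIT_CPU].rlim_cur);
	} else if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
		/* … unchanged: RLIMIT_CPU-only expiry … */
```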
@@ -1233,6 +1236,7 @@ static struct task_struct *copy_process( !cputime_eq(current->signal->it_prof_expires, cputime_zero) || current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY || + current->signal->rlim[RLIMIT_MCPU].rlim_cur != RLIM_INFINITY || !list_empty(¤t->signal->cpu_timers[0]) || !list_empty(¤t->signal->cpu_timers[1]) || !list_empty(¤t->signal->cpu_timers[2])) { @@ -1362,9 +1366,13 @@ long do_fork(unsigned long clone_flags, { struct task_struct *p; int trace = 0; - struct pid *pid = alloc_pid(); + struct pid *pid = NULL; long nr; + if (unlikely(current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + pid = alloc_pid(); if (!pid) return -EAGAIN; nr = pid->nr; @@ -1595,6 +1603,9 @@ asmlinkage long sys_unshare(unsigned lon struct sem_undo_list *new_ulist = NULL; struct nsproxy *new_nsproxy = NULL, *old_nsproxy = NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + check_unshare_flags(&unshare_flags); /* Return -EINVAL for all unsupported flags */ @@ -1679,3 +1690,9 @@ bad_unshare_cleanup_thread: bad_unshare_out: return err; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/kexec.c linux-2.6.22.10-cher1/kernel/kexec.c --- linux-2.6.22.10/kernel/kexec.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/kexec.c 2007-10-21 02:05:20.000000000 +0400 @@ -921,6 +921,9 @@ asmlinkage long sys_kexec_load(unsigned int locked; int result; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* We only trust the superuser with rebooting the system. */ if (!capable(CAP_SYS_BOOT)) return -EPERM; diff -ruNp linux-2.6.22.10/kernel/module.c linux-2.6.22.10-cher1/kernel/module.c --- linux-2.6.22.10/kernel/module.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/module.c 2007-10-21 02:05:20.000000000 +0400 
@@ -663,6 +663,9 @@ sys_delete_module(const char __user *nam char name[MODULE_NAME_LEN]; int ret, forced = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_MODULE)) return -EPERM; @@ -1985,6 +1988,9 @@ sys_init_module(void __user *umod, struct module *mod; int ret = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Must have permission */ if (!capable(CAP_SYS_MODULE)) return -EPERM; diff -ruNp linux-2.6.22.10/kernel/posix-cpu-timers.c linux-2.6.22.10-cher1/kernel/posix-cpu-timers.c --- linux-2.6.22.10/kernel/posix-cpu-timers.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/posix-cpu-timers.c 2007-10-21 02:05:20.000000000 +0400 @@ -649,6 +649,10 @@ static void arm_timer(struct k_itimer *t cputime_lt(p->signal->it_prof_expires, timer->it.cpu.expires.cpu)) break; + i = p->signal->rlim[RLIMIT_MCPU].rlim_cur; + if (i != RLIM_INFINITY && + i <= cputime_to_msecs(timer->it.cpu.expires.cpu)) + break; i = p->signal->rlim[RLIMIT_CPU].rlim_cur; if (i != RLIM_INFINITY && i <= cputime_to_secs(timer->it.cpu.expires.cpu)) @@ -1034,6 +1038,7 @@ static void check_process_timers(struct if (list_empty(&timers[CPUCLOCK_PROF]) && cputime_eq(sig->it_prof_expires, cputime_zero) && sig->rlim[RLIMIT_CPU].rlim_cur == RLIM_INFINITY && + sig->rlim[RLIMIT_MCPU].rlim_cur == RLIM_INFINITY && list_empty(&timers[CPUCLOCK_VIRT]) && cputime_eq(sig->it_virt_expires, cputime_zero) && list_empty(&timers[CPUCLOCK_SCHED])) 
@@ -1160,6 +1165,33 @@ static void check_process_timers(struct prof_expires = x; } } + if (sig->rlim[RLIMIT_MCPU].rlim_cur != RLIM_INFINITY) { + unsigned long psecs = cputime_to_msecs(ptime); + cputime_t x; + if (psecs >= sig->rlim[RLIMIT_MCPU].rlim_max) { + /* + * At the hard limit, we just die. + * No need to calculate anything else now. + */ + __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk); + return; + } + if (psecs >= sig->rlim[RLIMIT_MCPU].rlim_cur) { + /* + * At the soft limit, send a SIGXCPU every second. + */ + __group_send_sig_info(SIGXCPU, SEND_SIG_PRIV, tsk); + if (sig->rlim[RLIMIT_MCPU].rlim_cur + < sig->rlim[RLIMIT_MCPU].rlim_max) { + sig->rlim[RLIMIT_MCPU].rlim_cur++; + } + } + x = msecs_to_cputime(sig->rlim[RLIMIT_MCPU].rlim_cur); + if (cputime_eq(prof_expires, cputime_zero) || + cputime_lt(x, prof_expires)) { + prof_expires = x; + } + } if (!cputime_eq(prof_expires, cputime_zero) || !cputime_eq(virt_expires, cputime_zero) || @@ -1392,6 +1424,9 @@ void set_process_cpu_timer(struct task_s if (tsk->signal->rlim[RLIMIT_CPU].rlim_cur < cputime_to_secs(*newval)) return; + if (tsk->signal->rlim[RLIMIT_MCPU].rlim_cur + < cputime_to_msecs(*newval)) + return; } /* diff -ruNp linux-2.6.22.10/kernel/posix-timers.c linux-2.6.22.10-cher1/kernel/posix-timers.c --- linux-2.6.22.10/kernel/posix-timers.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/posix-timers.c 2007-10-21 02:05:20.000000000 +0400 @@ -471,6 +471,9 @@ sys_timer_create(const clockid_t which_c sigevent_t event; int it_id_set = IT_ID_NOT_SET; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; @@ -683,6 +686,9 @@ sys_timer_gettime(timer_t timer_id, stru struct itimerspec cur_setting; unsigned long flags; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + timr = lock_timer(timer_id, &flags); if (!timr) return -EINVAL; 
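Review bot: The soft-limit branch raises `rlim_cur` by one millisecond per visit, but check_process_timers runs at most once per tick and `ptime` advances by a whole jiffy each tick, so at HZ below 1000 `psecs >= rlim_cur` stays true on every subsequent tick and SIGXCPU is delivered every tick rather than "every second" as the copied comment claims (assuming the default jiffies-based cputime_t). Either bump by at least one tick, `sig->rlim[RLIMIT_MCPU].rlim_cur = min_t(unsigned long, sig->rlim[RLIMIT_MCPU].rlim_cur + jiffies_to_msecs(1), sig->rlim[RLIMIT_MCPU].rlim_max);`, or keep the upstream one-second cadence with `+= MSEC_PER_SEC` capped the same way, and fix the comment to match. `psecs` holds milliseconds here; naming it `pmsecs` avoids misreading it against the seconds-based RLIMIT_CPU block just above.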
@@ -713,6 +719,9 @@ sys_timer_getoverrun(timer_t timer_id) int overrun; long flags; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + timr = lock_timer(timer_id, &flags); if (!timr) return -EINVAL; @@ -786,6 +795,9 @@ sys_timer_settime(timer_t timer_id, int long flag; struct itimerspec *rtn = old_setting ? &old_spec : NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!new_setting) return -EINVAL; @@ -837,6 +849,9 @@ sys_timer_delete(timer_t timer_id) struct k_itimer *timer; long flags; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retry_delete: timer = lock_timer(timer_id, &flags); if (!timer) @@ -929,6 +944,9 @@ asmlinkage long sys_clock_settime(const { struct timespec new_tp; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; if (copy_from_user(&new_tp, tp, sizeof (*tp))) @@ -943,6 +961,9 @@ sys_clock_gettime(const clockid_t which_ struct timespec kernel_tp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; error = CLOCK_DISPATCH(which_clock, clock_get, @@ -960,6 +981,9 @@ sys_clock_getres(const clockid_t which_c struct timespec rtn_tp; int error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; @@ -991,6 +1015,9 @@ sys_clock_nanosleep(const clockid_t whic { struct timespec t; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (invalid_clockid(which_clock)) return -EINVAL; 
@@ -1024,3 +1051,9 @@ clock_nanosleep_restart(struct restart_b return CLOCK_DISPATCH(which_clock, nsleep_restart, (restart_block)); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/printk.c linux-2.6.22.10-cher1/kernel/printk.c --- linux-2.6.22.10/kernel/printk.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/printk.c 2007-10-21 02:05:20.000000000 +0400 @@ -314,6 +314,9 @@ out: asmlinkage long sys_syslog(int type, char __user *buf, int len) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_syslog(type, buf, len); } diff -ruNp linux-2.6.22.10/kernel/ptrace.c linux-2.6.22.10-cher1/kernel/ptrace.c --- linux-2.6.22.10/kernel/ptrace.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/ptrace.c 2007-10-21 02:05:20.000000000 +0400 @@ -456,6 +456,18 @@ asmlinkage long sys_ptrace(long request, struct task_struct *child; long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + + if (request == PTRACE_MEMLIMIT) { + current->sbox_flags |= SBOX_MEMLIMITON; + return 0; + } + if (request == PTRACE_NO_SYSCALLS) { + current->sbox_flags |= SBOX_NO_SYSCALLS; + return 0; + } + /* * This lock_kernel fixes a subtle race with suid exec */ @@ -491,3 +503,9 @@ asmlinkage long sys_ptrace(long request, return ret; } #endif /* __ARCH_SYS_PTRACE */ + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/sched.c linux-2.6.22.10-cher1/kernel/sched.c --- linux-2.6.22.10/kernel/sched.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/sched.c 2007-10-21 02:05:20.000000000 +0400 @@ -4246,6 +4246,9 @@ asmlinkage long sys_nice(int increment) { long nice, retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* * Setpriority might change our priority at the same moment. * We don't have to worry. Conceptually one call occurs first 
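Review bot: PTRACE_MEMLIMIT and PTRACE_NO_SYSCALLS act on `current` and ignore the `pid` argument, so they are self-applied opt-ins rather than something a tracer can impose on its tracee, and because `sbox_flags` lives on the task_struct (the series reads `current->sbox_flags` and `p->sbox_flags`) only the calling thread is restricted; any sibling thread alive at that moment keeps full syscall access. Document both properties and the ordering constraint (MEMLIMIT must be requested before NO_SYSCALLS, since the -EPERM guard precedes the request checks) in a comment above the two `if (request == ...)` blocks, and consider propagating the flag to every thread of the group under siglock if whole-process sandboxing is intended. More broadly, enforcement through roughly a hundred hand-placed checks means any entry point that was not patched, e.g. arch-specific or future syscalls, silently escapes; a single check in the arch syscall entry path against a per-task allow list would fail closed. The remainder of sys_ptrace lies outside the hunk.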
@@ -4487,6 +4490,9 @@ do_sched_setscheduler(pid_t pid, int pol asmlinkage long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* negative values for policy are not valid */ if (policy < 0) return -EINVAL; @@ -4501,6 +4507,9 @@ asmlinkage long sys_sched_setscheduler(p */ asmlinkage long sys_sched_setparam(pid_t pid, struct sched_param __user *param) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_sched_setscheduler(pid, -1, param); } @@ -4513,6 +4522,9 @@ asmlinkage long sys_sched_getscheduler(p struct task_struct *p; int retval = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (pid < 0) goto out_nounlock; @@ -4541,6 +4553,9 @@ asmlinkage long sys_sched_getparam(pid_t struct task_struct *p; int retval = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!param || pid < 0) goto out_nounlock; @@ -4636,6 +4651,9 @@ asmlinkage long sys_sched_setaffinity(pi cpumask_t new_mask; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = get_user_cpu_mask(user_mask_ptr, len, &new_mask); if (retval) return retval; @@ -4701,6 +4719,9 @@ asmlinkage long sys_sched_getaffinity(pi int ret; cpumask_t mask; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (len < sizeof(cpumask_t)) return -EINVAL; @@ -7200,3 +7221,9 @@ void set_curr_task(int cpu, struct task_ } #endif + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/signal.c linux-2.6.22.10-cher1/kernel/signal.c --- linux-2.6.22.10/kernel/signal.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/signal.c 2007-10-21 02:05:20.000000000 +0400 
@@ -1110,6 +1110,24 @@ static int kill_something_info(int sig, { int ret; rcu_read_lock(); + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) { + if (pid != current->pid) { + rcu_read_unlock(); + return -EPERM; + } else if (!pid) { + pid = current->pid; + } else if (pid == -1) { + rcu_read_unlock(); + return -EPERM; + } else if (pid < 0 && current->signal->pgrp != -pid) { + rcu_read_unlock(); + return -EPERM; + } else if (pid < 0) { + pid = current->pid; + } + } + if (!pid) { ret = kill_pgrp_info(sig, info, task_pgrp(current)); } else if (pid == -1) { @@ -1952,6 +1970,9 @@ sys_rt_sigprocmask(int how, sigset_t __u int error = -EINVAL; sigset_t old_set, new_set; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* XXX: Don't preclude handling different sized sigset_t's. */ if (sigsetsize != sizeof(sigset_t)) goto out; @@ -2009,6 +2030,9 @@ out: asmlinkage long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_sigpending(set, sigsetsize); } @@ -2090,6 +2114,9 @@ sys_rt_sigtimedwait(const sigset_t __use siginfo_t info; long timeout = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* XXX: Don't preclude handling different sized sigset_t's. */ if (sigsetsize != sizeof(sigset_t)) return -EINVAL; @@ -2214,6 +2241,9 @@ static int do_tkill(int tgid, int pid, i */ asmlinkage long sys_tgkill(int tgid, int pid, int sig) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* This is only valid for single tasks */ if (pid <= 0 || tgid <= 0) return -EINVAL; @@ -2227,6 +2257,9 @@ asmlinkage long sys_tgkill(int tgid, int asmlinkage long sys_tkill(int pid, int sig) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* This is only valid for single tasks */ if (pid <= 0) return -EINVAL; 
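Review bot: Inside the SBOX_NO_SYSCALLS block the first test `if (pid != current->pid)` refuses every value except the caller's own pid, so the four `else if` branches handling pid == 0, pid == -1 and negative process-group ids are unreachable; as written kill(0, sig) and kill(-own_pgrp, sig) fail with -EPERM even though the dead code shows they were meant to be redirected to the caller itself. Either delete the dead branches or order the tests so the redirection works, as sketched below; kill_something_info's head and its rcu_read_lock() are outside the hunk, so the early unlocks must remain. `process_group(current)` would also match the helper kernel/sys.c uses elsewhere in this series instead of reading `current->signal->pgrp` directly.
```c
	if ((current->sbox_flags & SBOX_NO_SYSCALLS)) {
		int allowed;

		/* Sandboxed: a task may only signal itself; kill(0, sig) and
		 * kill(-own_pgrp, sig) are narrowed down to the caller. */
		if (pid > 0)
			allowed = (pid == current->pid);
		else if (pid == 0)
			allowed = 1;
		else
			allowed = (pid != -1 && process_group(current) == -pid);
		if (!allowed) {
			rcu_read_unlock();
			return -EPERM;
		}
		pid = current->pid;
	}
	/* … unchanged: !pid / pid == -1 / pid < 0 dispatch … */
```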
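Review bot: sys_tgkill (and sys_tkill in the hunk that follows) is refused outright under SBOX_NO_SYSCALLS, while kill_something_info in the same file lets a sandboxed task signal its own pid; libc-level raise() and pthread_kill() are commonly built on tgkill, so self-delivered signals such as abort() would fail with EPERM (inferred from typical libc behaviour, verify against the target libc). Permit the self case in the same spirit: `if ((current->sbox_flags & SBOX_NO_SYSCALLS) && tgid != current->tgid) return -EPERM;` here, and `pid != current->pid` in sys_tkill so only the calling thread may be targeted.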
@@ -2239,6 +2272,9 @@ sys_rt_sigqueueinfo(int pid, int sig, si { siginfo_t info; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (copy_from_user(&info, uinfo, sizeof(siginfo_t))) return -EFAULT; @@ -2377,6 +2413,9 @@ out: asmlinkage long sys_sigpending(old_sigset_t __user *set) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + return do_sigpending(set, sizeof(*set)); } @@ -2392,6 +2431,9 @@ sys_sigprocmask(int how, old_sigset_t __ int error; old_sigset_t old_set, new_set; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (set) { error = -EFAULT; if (copy_from_user(&new_set, set, sizeof(*set))) @@ -2483,6 +2525,9 @@ sys_ssetmask(int newmask) { int old; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + spin_lock_irq(¤t->sighand->siglock); old = current->blocked.sig[0]; @@ -2520,6 +2565,9 @@ sys_signal(int sig, __sighandler_t handl asmlinkage long sys_pause(void) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + current->state = TASK_INTERRUPTIBLE; schedule(); return -ERESTARTNOHAND; @@ -2532,6 +2580,9 @@ asmlinkage long sys_rt_sigsuspend(sigset { sigset_t newset; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* XXX: Don't preclude handling different sized sigset_t's. */ if (sigsetsize != sizeof(sigset_t)) return -EINVAL; @@ -2562,3 +2613,9 @@ void __init signals_init(void) { sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/sys.c linux-2.6.22.10-cher1/kernel/sys.c --- linux-2.6.22.10/kernel/sys.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/sys.c 2007-10-21 02:05:20.000000000 +0400 @@ -661,6 +661,9 @@ asmlinkage long sys_setpriority(int whic int error = -EINVAL; struct pid *pgrp; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (which > PRIO_USER || which < PRIO_PROCESS) goto out; 
@@ -725,6 +728,9 @@ asmlinkage long sys_getpriority(int whic long niceval, retval = -ESRCH; struct pid *pgrp; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (which > PRIO_USER || which < PRIO_PROCESS) return -EINVAL; @@ -883,6 +889,9 @@ asmlinkage long sys_reboot(int magic1, i { char buffer[256]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* We only trust the superuser with rebooting the system. */ if (!capable(CAP_SYS_BOOT)) return -EPERM; @@ -1005,6 +1014,9 @@ asmlinkage long sys_setregid(gid_t rgid, int new_egid = old_egid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); if (retval) return retval; @@ -1051,6 +1063,9 @@ asmlinkage long sys_setgid(gid_t gid) int old_egid = current->egid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); if (retval) return retval; @@ -1121,6 +1136,9 @@ asmlinkage long sys_setreuid(uid_t ruid, int old_ruid, old_euid, old_suid, new_ruid, new_euid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); if (retval) return retval; @@ -1184,6 +1202,9 @@ asmlinkage long sys_setuid(uid_t uid) int old_ruid, old_suid, new_suid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); if (retval) return retval; @@ -1224,6 +1245,9 @@ asmlinkage long sys_setresuid(uid_t ruid int old_suid = current->suid; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); if (retval) return retval; 
@@ -1278,6 +1302,9 @@ asmlinkage long sys_setresgid(gid_t rgid { int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); if (retval) return retval; @@ -1333,6 +1360,9 @@ asmlinkage long sys_setfsuid(uid_t uid) { int old_fsuid; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + old_fsuid = current->fsuid; if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)) return old_fsuid; @@ -1362,6 +1392,9 @@ asmlinkage long sys_setfsgid(gid_t gid) { int old_fsgid; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + old_fsgid = current->fsgid; if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) return old_fsgid; @@ -1436,6 +1469,9 @@ asmlinkage long sys_setpgid(pid_t pid, p struct task_struct *group_leader = current->group_leader; int err = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!pid) pid = group_leader->pid; if (!pgid) @@ -1501,6 +1537,9 @@ out: asmlinkage long sys_getpgid(pid_t pid) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS) && pid != current->pid) + return -EPERM; + if (!pid) return process_group(current); else { @@ -1533,6 +1572,9 @@ asmlinkage long sys_getpgrp(void) asmlinkage long sys_getsid(pid_t pid) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS) && pid != current->pid) + return -EPERM; + if (!pid) return process_session(current); else { @@ -1559,6 +1601,9 @@ asmlinkage long sys_setsid(void) pid_t session; int err = -EPERM; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + write_lock_irq(&tasklist_lock); /* Fail if I am already a session leader */ @@ -1802,6 +1847,9 @@ asmlinkage long sys_setgroups(int gidset struct group_info *group_info; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SETGID)) return -EPERM; if ((unsigned)gidsetsize > NGROUPS_MAX) 
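Review bot: sys_getpgid treats a pid argument of 0 as "the caller" on the very next line, but the new guard compares the raw argument with `current->pid`, so a sandboxed getpgid(0) (and getsid(0) in the sibling hunk) fails with -EPERM although getpgid(getpid()) succeeds. Use `if ((current->sbox_flags & SBOX_NO_SYSCALLS) && pid && pid != current->pid)` in both places so the two spellings of "self" behave the same.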
@@ -1865,6 +1913,9 @@ asmlinkage long sys_sethostname(char __u int errno; char tmp[__NEW_UTS_LEN]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) @@ -1910,6 +1961,9 @@ asmlinkage long sys_setdomainname(char _ int errno; char tmp[__NEW_UTS_LEN]; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) @@ -1967,8 +2021,12 @@ asmlinkage long sys_setrlimit(unsigned i { struct rlimit new_rlim, *old_rlim; unsigned long it_prof_secs; + unsigned long it_prof_msecs; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (resource >= RLIM_NLIMITS) return -EINVAL; if (copy_from_user(&new_rlim, rlim, sizeof(*rlim))) @@ -1995,11 +2053,34 @@ asmlinkage long sys_setrlimit(unsigned i */ new_rlim.rlim_cur = 1; } + if (resource == RLIMIT_MCPU && new_rlim.rlim_cur == 0) { + new_rlim.rlim_cur = 1; + } task_lock(current->group_leader); *old_rlim = new_rlim; task_unlock(current->group_leader); + if (resource == RLIMIT_MCPU) { + if (new_rlim.rlim_cur == RLIM_INFINITY) + goto out; + it_prof_msecs = + cputime_to_msecs(current->signal->it_prof_expires); + if (it_prof_msecs == 0 || new_rlim.rlim_cur <= it_prof_msecs) { + unsigned long rlim_cur = new_rlim.rlim_cur; + cputime_t cputime; + + cputime = msecs_to_cputime(rlim_cur); + read_lock(&tasklist_lock); + spin_lock_irq(¤t->sighand->siglock); + set_process_cpu_timer(current, CPUCLOCK_PROF, &cputime, + NULL); + spin_unlock_irq(¤t->sighand->siglock); + read_unlock(&tasklist_lock); + } + goto out; + } + if (resource != RLIMIT_CPU) goto out; @@ -2141,6 +2222,9 @@ asmlinkage long sys_getrusage(int who, s asmlinkage long sys_umask(int mask) { + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return current->fs->umask; + mask = xchg(¤t->fs->umask, mask & S_IRWXUGO); return mask; } 
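Review bot: The RLIMIT_MCPU branch converts milliseconds with `msecs_to_cputime(rlim_cur)`; with the default jiffies-based cputime_t that conversion truncates, so a limit below one tick (10 ms at HZ=100, including the `rlim_cur = 1` substituted for 0 just above) becomes a zero cputime, and a zero cputime is what this series and check_process_timers treat as "nothing armed" rather than "expire now", so such a limit is never armed and is caught, if at all, only by the rlim_max check. Round up to a whole tick instead of clamping to 1: `if (resource == RLIMIT_MCPU && new_rlim.rlim_cur < jiffies_to_msecs(1)) new_rlim.rlim_cur = jiffies_to_msecs(1);` (adjust if cputime_t is not jiffies-based on the target arch). The unlocked read of `it_prof_expires` mirrors the upstream RLIMIT_CPU code that follows; sys_setrlimit's tail is outside the hunk.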
@@ -2150,6 +2234,9 @@ asmlinkage long sys_prctl(int option, un { long error; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + error = security_task_prctl(option, arg2, arg3, arg4, arg5); if (error) return error; @@ -2254,6 +2341,10 @@ asmlinkage long sys_getcpu(unsigned __us { int err = 0; int cpu = raw_smp_processor_id(); + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (cpup) err |= put_user(cpu, cpup); if (nodep) @@ -2278,3 +2369,9 @@ asmlinkage long sys_getcpu(unsigned __us } return err ? -EFAULT : 0; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/sysctl.c linux-2.6.22.10-cher1/kernel/sysctl.c --- linux-2.6.22.10/kernel/sysctl.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/sysctl.c 2007-10-21 02:05:20.000000000 +0400 @@ -2319,6 +2319,9 @@ asmlinkage long sys_sysctl(struct __sysc int name[CTL_MAXNAME]; int i; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Read in the sysctl name for better debug message logging */ if (copy_from_user(&tmp, args, sizeof(tmp))) return -EFAULT; diff -ruNp linux-2.6.22.10/kernel/time.c linux-2.6.22.10-cher1/kernel/time.c --- linux-2.6.22.10/kernel/time.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/time.c 2007-10-21 02:05:20.000000000 +0400 @@ -82,6 +82,9 @@ asmlinkage long sys_stime(time_t __user struct timespec tv; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (get_user(tv.tv_sec, tptr)) return -EFAULT; @@ -187,6 +190,9 @@ asmlinkage long sys_settimeofday(struct struct timespec new_ts; struct timezone new_tz; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (tv) { if (copy_from_user(&user_tv, tv, sizeof(*tv))) return -EFAULT; 
@@ -206,6 +212,9 @@ asmlinkage long sys_adjtimex(struct time struct timex txc; /* Local copy of parameter */ int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Copy the user data space into the kernel copy * structure. But bear in mind that the structures * may change @@ -744,3 +753,9 @@ EXPORT_SYMBOL(get_jiffies_64); #endif EXPORT_SYMBOL(jiffies); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/timer.c linux-2.6.22.10-cher1/kernel/timer.c --- linux-2.6.22.10/kernel/timer.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/timer.c 2007-10-21 02:05:20.000000000 +0400 @@ -1178,6 +1178,9 @@ asmlinkage long sys_sysinfo(struct sysin { struct sysinfo val; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + do_sysinfo(&val); if (copy_to_user(info, &val, sizeof(struct sysinfo))) @@ -1550,3 +1553,9 @@ unsigned long msleep_interruptible(unsig } EXPORT_SYMBOL(msleep_interruptible); + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/kernel/uid16.c linux-2.6.22.10-cher1/kernel/uid16.c --- linux-2.6.22.10/kernel/uid16.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/kernel/uid16.c 2007-10-21 02:05:20.000000000 +0400 @@ -188,6 +188,9 @@ asmlinkage long sys_setgroups16(int gids struct group_info *group_info; int retval; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SETGID)) return -EPERM; if ((unsigned)gidsetsize > NGROUPS_MAX) @@ -227,3 +230,9 @@ asmlinkage long sys_getegid16(void) { return high2lowgid(current->egid); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/mm/filemap.c linux-2.6.22.10-cher1/mm/filemap.c --- linux-2.6.22.10/mm/filemap.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/filemap.c 2007-10-21 02:05:20.000000000 +0400 
@@ -1282,6 +1282,9 @@ asmlinkage ssize_t sys_readahead(int fd, ssize_t ret; struct file *file; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + ret = -EBADF; file = fget(fd); if (file) { diff -ruNp linux-2.6.22.10/mm/madvise.c linux-2.6.22.10-cher1/mm/madvise.c --- linux-2.6.22.10/mm/madvise.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/madvise.c 2007-10-21 02:05:20.000000000 +0400 @@ -289,6 +289,9 @@ asmlinkage long sys_madvise(unsigned lon int error = -EINVAL; size_t len; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (madvise_need_mmap_write(behavior)) down_write(¤t->mm->mmap_sem); else diff -ruNp linux-2.6.22.10/mm/mempolicy.c linux-2.6.22.10-cher1/mm/mempolicy.c --- linux-2.6.22.10/mm/mempolicy.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/mempolicy.c 2007-10-21 02:05:20.000000000 +0400 @@ -877,6 +877,9 @@ asmlinkage long sys_mbind(unsigned long nodemask_t nodes; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = get_nodes(&nodes, nmask, maxnode); if (err) return err; @@ -894,6 +897,9 @@ asmlinkage long sys_set_mempolicy(int mo int err; nodemask_t nodes; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (mode < 0 || mode > MPOL_MAX) return -EINVAL; err = get_nodes(&nodes, nmask, maxnode); @@ -913,6 +919,9 @@ asmlinkage long sys_migrate_pages(pid_t nodemask_t task_nodes; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + err = get_nodes(&old, old_nodes, maxnode); if (err) return err; @@ -975,6 +984,9 @@ asmlinkage long sys_get_mempolicy(int __ int err, pval; nodemask_t nodes; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (nmask != NULL && maxnode < MAX_NUMNODES) return -EINVAL; 
@@ -1004,6 +1016,9 @@ asmlinkage long compat_sys_get_mempolicy unsigned long nr_bits, alloc_size; DECLARE_BITMAP(bm, MAX_NUMNODES); + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES); alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; @@ -1030,6 +1045,9 @@ asmlinkage long compat_sys_set_mempolicy unsigned long nr_bits, alloc_size; DECLARE_BITMAP(bm, MAX_NUMNODES); + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES); alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; @@ -1054,6 +1072,9 @@ asmlinkage long compat_sys_mbind(compat_ unsigned long nr_bits, alloc_size; nodemask_t bm; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES); alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; @@ -1909,3 +1930,8 @@ out: return 0; } +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/mm/migrate.c linux-2.6.22.10-cher1/mm/migrate.c --- linux-2.6.22.10/mm/migrate.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/migrate.c 2007-10-21 02:05:20.000000000 +0400 @@ -891,6 +891,9 @@ asmlinkage long sys_move_pages(pid_t pid struct mm_struct *mm; struct page_to_node *pm = NULL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Check flags */ if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL)) return -EINVAL; diff -ruNp linux-2.6.22.10/mm/mincore.c linux-2.6.22.10-cher1/mm/mincore.c --- linux-2.6.22.10/mm/mincore.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/mincore.c 2007-10-21 02:05:20.000000000 +0400 
@@ -184,6 +184,9 @@ asmlinkage long sys_mincore(unsigned lon unsigned long pages; unsigned char *tmp; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + /* Check the start address: needs to be page-aligned.. */ if (start & ~PAGE_CACHE_MASK) return -EINVAL; diff -ruNp linux-2.6.22.10/mm/mlock.c linux-2.6.22.10-cher1/mm/mlock.c --- linux-2.6.22.10/mm/mlock.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/mlock.c 2007-10-21 02:05:20.000000000 +0400 @@ -138,6 +138,9 @@ asmlinkage long sys_mlock(unsigned long unsigned long lock_limit; int error = -ENOMEM; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!can_do_mlock()) return -EPERM; @@ -162,6 +165,9 @@ asmlinkage long sys_munlock(unsigned lon { int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + down_write(¤t->mm->mmap_sem); len = PAGE_ALIGN(len + (start & ~PAGE_MASK)); start &= PAGE_MASK; @@ -200,6 +206,9 @@ asmlinkage long sys_mlockall(int flags) unsigned long lock_limit; int ret = -EINVAL; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!flags || (flags & ~(MCL_CURRENT | MCL_FUTURE))) goto out; @@ -225,6 +234,9 @@ asmlinkage long sys_munlockall(void) { int ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + down_write(¤t->mm->mmap_sem); ret = do_mlockall(0); up_write(¤t->mm->mmap_sem); @@ -266,3 +278,9 @@ void user_shm_unlock(size_t size, struct spin_unlock(&shmlock_user_lock); free_uid(user); } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/mm/mmap.c linux-2.6.22.10-cher1/mm/mmap.c --- linux-2.6.22.10/mm/mmap.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/mmap.c 2007-10-21 02:05:20.000000000 +0400 
@@ -252,8 +252,13 @@ asmlinkage unsigned long sys_brk(unsigne * not page aligned -Ram Gupta */ rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; - if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim) + if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + send_sig(SIGKILL, current, 0); + } goto out; + } newbrk = PAGE_ALIGN(brk); oldbrk = PAGE_ALIGN(mm->brk); @@ -1475,8 +1480,13 @@ static int acct_stack_growth(struct vm_a return -ENOMEM; /* Stack limit test */ - if (size > rlim[RLIMIT_STACK].rlim_cur) + if (size > rlim[RLIMIT_STACK].rlim_cur) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + send_sig(SIGKILL, current, 0); + } return -ENOMEM; + } /* mlock limit tests */ if (vma->vm_flags & VM_LOCKED) { @@ -2096,8 +2106,13 @@ int may_expand_vm(struct mm_struct *mm, lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; - if (cur + npages > lim) + if (cur + npages > lim) { + if ((current->sbox_flags & SBOX_MEMLIMITON)) { + current->sbox_flags |= SBOX_WAS_MEMLIMIT; + send_sig(SIGKILL, current, 0); + } return 0; + } return 1; } @@ -2172,3 +2187,9 @@ int install_special_mapping(struct mm_st return 0; } + +/* + * Local variables: + * c-basic-offset: 8 + * End: + */ diff -ruNp linux-2.6.22.10/mm/mprotect.c linux-2.6.22.10-cher1/mm/mprotect.c --- linux-2.6.22.10/mm/mprotect.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/mprotect.c 2007-10-21 02:05:20.000000000 +0400 
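Review bot: The limit-hit sequence is pasted three times in this file, and each copy sets SBOX_WAS_MEMLIMIT on `current`, whereas kernel/exit.c reports `p->sbox_flags` of the reaped thread-group leader, so a non-leader thread that trips RLIMIT_DATA/STACK/AS is killed but the parent never sees the marker. Factor the sequence into one static helper that also marks the group leader, as sketched below; the cross-task `|=` is unlocked, so confirm sbox_flags has no other concurrent writers or switch it to an atomic bit operation. `send_sig(SIGKILL, current, 0)` is thread-directed; SIGKILL is fatal for the whole group once dequeued, so the process still dies, but saying so in the helper's comment saves the next reader a trip through signal.c. sys_brk, acct_stack_growth and may_expand_vm all begin outside their hunks.
```c
/* Shared by sys_brk(), acct_stack_growth() and may_expand_vm(): when the
 * caller opted in via PTRACE_MEMLIMIT, record the event and kill it. */
static void sbox_memlimit_hit(void)
{
	if (!(current->sbox_flags & SBOX_MEMLIMITON))
		return;
	/* mark the group leader too: that is the task wait_task_zombie() reaps
	 * (unlocked RMW on another task's flags; confirm no concurrent writer) */
	current->group_leader->sbox_flags |= SBOX_WAS_MEMLIMIT;
	current->sbox_flags |= SBOX_WAS_MEMLIMIT;
	/* thread-directed, but SIGKILL takes the whole group down */
	send_sig(SIGKILL, current, 0);
}

	/* in sys_brk(): */
	if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim) {
		sbox_memlimit_hit();
		goto out;
	}
	/* … unchanged: same replacement in acct_stack_growth() and may_expand_vm() … */
```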
@@ -221,6 +221,10 @@ sys_mprotect(unsigned long start, size_t struct vm_area_struct *vma, *prev; int error = -EINVAL; const int grows = prot & (PROT_GROWSDOWN|PROT_GROWSUP); + + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + prot &= ~(PROT_GROWSDOWN|PROT_GROWSUP); if (grows == (PROT_GROWSDOWN|PROT_GROWSUP)) /* can't be both */ return -EINVAL; diff -ruNp linux-2.6.22.10/mm/mremap.c linux-2.6.22.10-cher1/mm/mremap.c --- linux-2.6.22.10/mm/mremap.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/mremap.c 2007-10-21 02:05:20.000000000 +0400 @@ -409,6 +409,9 @@ asmlinkage unsigned long sys_mremap(unsi { unsigned long ret; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + down_write(¤t->mm->mmap_sem); ret = do_mremap(addr, old_len, new_len, flags, new_addr); up_write(¤t->mm->mmap_sem); diff -ruNp linux-2.6.22.10/mm/swapfile.c linux-2.6.22.10-cher1/mm/swapfile.c --- linux-2.6.22.10/mm/swapfile.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/mm/swapfile.c 2007-10-21 02:05:20.000000000 +0400 @@ -1183,6 +1183,9 @@ asmlinkage long sys_swapoff(const char _ int i, type, prev; int err; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -1433,6 +1436,9 @@ asmlinkage long sys_swapon(const char __ struct inode *inode = NULL; int did_down = 0; + if ((current->sbox_flags & SBOX_NO_SYSCALLS)) + return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; spin_lock(&swap_lock); diff -ruNp linux-2.6.22.10/net/compat.c linux-2.6.22.10-cher1/net/compat.c --- linux-2.6.22.10/net/compat.c 2007-10-10 21:50:35.000000000 +0400 +++ linux-2.6.22.10-cher1/net/compat.c 2007-10-21 02:05:20.000000000 +0400 
@@ -647,6 +647,9 @@ asmlinkage long compat_sys_socketcall(in
  u32 a[6];
  u32 a0, a1;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  if (call < SYS_SOCKET || call > SYS_RECVMSG)
  return -EINVAL;
  if (copy_from_user(a, args, nas[call]))
diff -ruNp linux-2.6.22.10/net/socket.c linux-2.6.22.10-cher1/net/socket.c
--- linux-2.6.22.10/net/socket.c 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/net/socket.c 2007-10-21 02:05:20.000000000 +0400
@@ -1203,6 +1203,9 @@ asmlinkage long sys_socket(int family, i
  int retval;
  struct socket *sock;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  retval = sock_create(family, type, protocol, &sock);
  if (retval < 0)
  goto out;
@@ -1231,6 +1234,9 @@ asmlinkage long sys_socketpair(int famil
  int fd1, fd2, err;
  struct file *newfile1, *newfile2;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  /*
  * Obtain the first socket and check if the underlying protocol
  * supports the socketpair call.
@@ -1326,6 +1332,9 @@ asmlinkage long sys_bind(int fd, struct 
  char address[MAX_SOCK_ADDR];
  int err, fput_needed;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock = sockfd_lookup_light(fd, &err, &fput_needed);
  if (sock) {
  err = move_addr_to_kernel(umyaddr, addrlen, address);
@@ -1356,6 +1365,9 @@ asmlinkage long sys_listen(int fd, int b
  struct socket *sock;
  int err, fput_needed;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock = sockfd_lookup_light(fd, &err, &fput_needed);
  if (sock) {
  if ((unsigned)backlog > sysctl_somaxconn)
@@ -1390,6 +1402,9 @@ asmlinkage long sys_accept(int fd, struc
  int err, len, newfd, fput_needed;
  char address[MAX_SOCK_ADDR];
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock = sockfd_lookup_light(fd, &err, &fput_needed);
  if (!sock)
  goto out;
@@ -1479,6 +1494,9 @@ asmlinkage long sys_connect(int fd, stru
  char address[MAX_SOCK_ADDR];
  int err, fput_needed;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock = sockfd_lookup_light(fd, &err, &fput_needed);
  if (!sock)
  goto out;
@@ -1511,6 +1529,9 @@ asmlinkage long sys_getsockname(int fd, 
  char address[MAX_SOCK_ADDR];
  int len, err, fput_needed;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock = sockfd_lookup_light(fd, &err, &fput_needed);
  if (!sock)
  goto out;
@@ -1542,6 +1563,9 @@ asmlinkage long sys_getpeername(int fd, 
  char address[MAX_SOCK_ADDR];
  int len, err, fput_needed;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock = sockfd_lookup_light(fd, &err, &fput_needed);
  if (sock != NULL) {
  err = security_socket_getpeername(sock);
@@ -1579,6 +1603,9 @@ asmlinkage long sys_sendto(int fd, void 
  int fput_needed;
  struct file *sock_file;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock_file = fget_light(fd, &fput_needed);
  err = -EBADF;
  if (!sock_file)
@@ -1640,6 +1667,9 @@ asmlinkage long sys_recvfrom(int fd, voi
  struct file *sock_file;
  int fput_needed;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock_file = fget_light(fd, &fput_needed);
  err = -EBADF;
  if (!sock_file)
@@ -1693,6 +1723,9 @@ asmlinkage long sys_setsockopt(int fd, i
  int err, fput_needed;
  struct socket *sock;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  if (optlen < 0)
  return -EINVAL;
@@ -1727,6 +1760,9 @@ asmlinkage long sys_getsockopt(int fd, i
  int err, fput_needed;
  struct socket *sock;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock = sockfd_lookup_light(fd, &err, &fput_needed);
  if (sock != NULL) {
  err = security_socket_getsockopt(sock, level, optname);
@@ -1756,6 +1792,9 @@ asmlinkage long sys_shutdown(int fd, int
  int err, fput_needed;
  struct socket *sock;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  sock = sockfd_lookup_light(fd, &err, &fput_needed);
  if (sock != NULL) {
  err = security_socket_shutdown(sock, how);
@@ -1792,6 +1831,9 @@ asmlinkage long sys_sendmsg(int fd, stru
  int err, ctl_len, iov_size, total_len;
  int fput_needed;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  err = -EFAULT;
  if (MSG_CMSG_COMPAT & flags) {
  if (get_compat_msghdr(&msg_sys, msg_compat))
@@ -1899,6 +1941,9 @@ asmlinkage long sys_recvmsg(int fd, stru
  struct sockaddr __user *uaddr;
  int __user *uaddr_len;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  if (MSG_CMSG_COMPAT & flags) {
  if (get_compat_msghdr(&msg_sys, msg_compat))
  return -EFAULT;
@@ -2005,6 +2050,9 @@ asmlinkage long sys_socketcall(int call,
  unsigned long a0, a1;
  int err;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  if (call < 1 || call > SYS_RECVMSG)
  return -EINVAL;
@@ -2342,3 +2390,9 @@ EXPORT_SYMBOL(kernel_getsockopt);
  EXPORT_SYMBOL(kernel_setsockopt);
  EXPORT_SYMBOL(kernel_sendpage);
  EXPORT_SYMBOL(kernel_sock_ioctl);
+
+/*
+ * Local variables:
+ * c-basic-offset: 8
+ * End:
+ */
diff -ruNp linux-2.6.22.10/security/keys/keyctl.c linux-2.6.22.10-cher1/security/keys/keyctl.c
--- linux-2.6.22.10/security/keys/keyctl.c 2007-10-10 21:50:35.000000000 +0400
+++ linux-2.6.22.10-cher1/security/keys/keyctl.c 2007-10-21 02:05:20.000000000 +0400
@@ -63,6 +63,9 @@ asmlinkage long sys_add_key(const char _
  void *payload;
  long ret;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  ret = -EINVAL;
  if (plen > 32767)
  goto error;
@@ -143,6 +146,9 @@ asmlinkage long sys_request_key(const ch
  char type[32], *description, *callout_info;
  long ret;
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  /* pull the type into kernel space */
  ret = key_get_type_from_user(type, _type, sizeof(type));
  if (ret < 0)
@@ -1062,6 +1068,9 @@ error:
  asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
  unsigned long arg4, unsigned long arg5)
  {
+ if ((current->sbox_flags & SBOX_NO_SYSCALLS))
+ return -EPERM;
+
  switch (option) {
  case KEYCTL_GET_KEYRING_ID:
  return keyctl_get_keyring_ID((key_serial_t) arg2,