| Issue 88: | Adding capabilities check to the OHSM kernel driver code and some magic numbers | |
| 1 person starred this issue and may be notified of changes. | Back to list |
We surely need to have some kind of protection to avoid usage of OHSM by anyone else other the admin. So, we surely require to add majic numbers to the ioctls and capability checks. something like, #define OHSM_IOC_ENABLE _IOW(OHSM_IOC_MAGIC, 1, struct ohsm_info_ioctl) #define OHSM_IOC_DISBALE _IOW(OHSM_IOC_MAGIC, 2, int) #define OHSM_DISP_ALLOC _IO(OHSM_IOC_MAGIC, 3) #define OHSM_DISP_RELOC _IO(OHSM_IOC_MAGIC, 4) Also, capability checks. Refer:http://www.makelinux.net/ldd3/chp-6-sect-1.shtml
Jul 16, 2009
Working on this, but before adding capabilities it would be better to decide the permissions, should all the permissions remain with admin or some permissions like viewing the policy can be granted to othe users.
Status:
In-progress
Jul 16, 2009
Take a call dude. Remember that other users can have read only access. Meaning that all the ioctl that just reads the data structures should be allowed. List all of them here and lets discuss it, if you want.
Jul 16, 2009
Hmm, taking calls. Enable: Admin Disable: Admin See Active Policies : All Debug ioctls: Display inode info : All Display sam: Admin Demo Relocation: Admin I m moving on with it.
Jul 16, 2009
When you go ahead there would be some more recent ioctls added set tier info ADMIN set alloc policy ADMIN set reloc policy ADMIN Get tier info ALL get alloc policy ALL get reloc policy ALL selective relocate (applying rules selectively ) ADMIN relocate ADMIN status ALL
Jul 17, 2009
Rohit, Thanks for adding the capabilities checks. How about the majic numbers stuffs?? Can you please get that done asap? Refer: Some of the ext2 ioctls, how they do it... Its simple.. Look at my previous replies on this thread, I have provided other reference too.
Jul 18, 2009
Yes, i have seen the link, its not much clear, they are talking about some configuration of the driver using the macros and magic numbers. |
Labels: -Priority-Medium -target-Release2.0 Priority-Critical Target-Release1.1