rpms/kernel/FC-3 linux-2.6.11-scsi-st_ioctl-CAP_ADMIN.patch, NONE, 1.1 kernel-2.6.spec, 1.807, 1.808

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Apr 20 02:52:03 UTC 2005


Update of /cvs/dist/rpms/kernel/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv24880

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6.11-scsi-st_ioctl-CAP_ADMIN.patch 
Log Message:
SCSI tape security: require CAP_ADMIN for SG_IO etc. (#155355)



linux-2.6.11-scsi-st_ioctl-CAP_ADMIN.patch:
 st.c |    6 ++++++
 1 files changed, 6 insertions(+)

--- NEW FILE linux-2.6.11-scsi-st_ioctl-CAP_ADMIN.patch ---
--- linux-2.6.9/drivers/scsi/st.c~	2005-04-19 22:40:46.000000000 -0400
+++ linux-2.6.9/drivers/scsi/st.c	2005-04-19 22:41:59.000000000 -0400
@@ -3408,11 +3408,17 @@ static int st_ioctl(struct inode *inode,
 		case SCSI_IOCTL_GET_BUS_NUMBER:
 			break;
 		default:
+		if (!capable(CAP_SYS_ADMIN))
+			i = -EPERM;
+		else
 			i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
 			if (i != -ENOTTY)
 				return i;
 			break;
 	}
+	if (!capable(CAP_SYS_ADMIN) &&
+	    (cmd_in == SCSI_IOCTL_START_UNIT || cmd_in == SCSI_IOCTL_STOP_UNIT))
+		return -EPERM;
 	return scsi_ioctl(STp->device, cmd_in, p);
 
  out:
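Review bot: In the `default:` branch the added `if`/`else` is unbraced and sits one tab shallower than the rest of the case, so it is easy to misread what the `else` governs: only the `scsi_cmd_ioctl()` call is conditional, and `if (i != -ENOTTY) return i;` runs on both paths. As written, a caller without CAP_SYS_ADMIN gets -EPERM for every command that reaches `default:`, not only the pass-through commands the log message names, and none of those commands can fall through to `scsi_ioctl()`. If that broad denial is intended, brace and re-indent the branch and add a comment such as `/* unprivileged callers: refuse everything not listed in the cases above */`. The later START_UNIT/STOP_UNIT test then only matters if those commands have their own `case` labels, which cannot be confirmed here because the switch starts outside the hunk. The log message and patch name also say CAP_ADMIN while the code checks `CAP_SYS_ADMIN`, which is worth aligning for anyone searching the history.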


Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-3/kernel-2.6.spec,v
retrieving revision 1.807
retrieving revision 1.808
diff -u -r1.807 -r1.808
--- kernel-2.6.spec	18 Apr 2005 05:06:55 -0000	1.807
+++ kernel-2.6.spec	20 Apr 2005 02:52:00 -0000	1.808
@@ -269,6 +269,7 @@
 # SCSI bits.
 Patch1130: linux-2.6.10-scsi-blacklist.patch
 Patch1131: linux-2.6.9-scsi-advansys-enabler.patch
+Patch1132: linux-2.6.11-scsi-st_ioctl-CAP_ADMIN.patch
 Patch1136: linux-2.6.9-scsi-megaraid-legacy.patch
 
 
@@ -539,6 +540,8 @@
 %patch1130 -p1
 # Enable Advansys driver
 %patch1131 -p1
+# SCSI tape security: require CAP_ADMIN for SG_IO etc.
+%patch1132 -p1
 # Enable both new and old megaraid drivers.
 %patch1136 -p1
 
@@ -895,6 +898,9 @@
 %endif
 
 %changelog
+* Tue Apr 19 2005 Dave Jones <davej at redhat.com>
+- SCSI tape security: require CAP_ADMIN for SG_IO etc. (#155355)
+
 * Mon Apr 18 2005 Dave Jones <davej at redhat.com>
 - Retry more aggressively during USB device initialization
 



