Hi,
this patch (on 2.4.4) replaces the calls for suser()
in vt.c by capable(CAP_SYS_ADMIN).
Any comments are welcome.
I am not on the kernel list. Please CC me followups
to [EMAIL PROTECTED]
Thomas
diff -urN -X dontdiff linux-2.4.4.ori/drivers/char/vt.c linux/drivers/char/vt.c
--- linux-2.4.4.ori/drivers/char/vt.c Fri Feb 9 20:30:22 2001
+++ linux/drivers/char/vt.c Sun May 6 23:16:06 2001
@@ -435,10 +435,10 @@
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or SYS_ADMIN capability.
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_ADMIN))
perm = 1;
kbd = kbd_table + console;
@@ -505,7 +505,7 @@
struct kbd_repeat kbrep;
if (!mach_kbdrate) return( -EINVAL );
- if (!suser()) return( -EPERM );
+ if (!capable(CAP_SYS_ADMIN)) return( -EPERM );
if (copy_from_user(&kbrep, (void *)arg,
sizeof(struct kbd_repeat)))
@@ -1038,12 +1038,12 @@
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
vt_dont_switch = 0;
return 0;
diff -urN -X dontdiff linux-2.4.4.ori/include/linux/capability.h
linux/include/linux/capability.h
--- linux-2.4.4.ori/include/linux/capability.h Sat Apr 28 00:48:29 2001
+++ linux/include/linux/capability.h Sun May 6 23:22:31 2001
@@ -231,6 +231,7 @@
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
+/* Allow using virtual terminal administrative ioctl() */
#define CAP_SYS_ADMIN 21
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
