From: Mark Fasheh Date: Wed, 19 Dec 2007 02:58:18 +0000 (-0800) Subject: ocfs2: Add missing permission checks X-Git-Tag: v2.6.25-rc1~1232^2~17 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0957f00796157564281ea6ff2cea7ef4f897775a;p=linux-2.6 ocfs2: Add missing permission checks Check that an online resize is being driven by a user with permission to change system resource limits. Signed-off-by: Mark Fasheh --- diff --git a/fs/ocfs2/ioctl.c b/fs/ocfs2/ioctl.c index 7003d5820d..5177fba516 100644 --- a/fs/ocfs2/ioctl.c +++ b/fs/ocfs2/ioctl.c @@ -144,12 +144,18 @@ int ocfs2_ioctl(struct inode * inode, struct file * filp, return ocfs2_change_file_space(filp, cmd, &sr); case OCFS2_IOC_GROUP_EXTEND: + if (!capable(CAP_SYS_RESOURCE)) + return -EPERM; + if (get_user(new_clusters, (int __user *)arg)) return -EFAULT; return ocfs2_group_extend(inode, new_clusters); case OCFS2_IOC_GROUP_ADD: case OCFS2_IOC_GROUP_ADD64: + if (!capable(CAP_SYS_RESOURCE)) + return -EPERM; + if (copy_from_user(&input, (int __user *) arg, sizeof(input))) return -EFAULT;