/linux-2.6.21.1-rsbac-1.3.4/rsbac/adf/jail/jail_main.c File Reference

#include <linux/string.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/network.h>
#include <rsbac/debug.h>
#include <rsbac/jail.h>

Go to the source code of this file.

Functions

static rsbac_boolean_t jail_dev_tty (struct rsbac_dev_desc_t dev)
static rsbac_jail_id_t jail_get_id (enum rsbac_target_t target, union rsbac_target_id_t tid)
static rsbac_jail_id_t jail_get_id_process (rsbac_pid_t pid)
static rsbac_jail_id_t jail_get_parent_process (rsbac_pid_t pid)
static rsbac_jail_flags_t jail_get_flags_process (rsbac_pid_t pid)
static rsbac_jail_scd_vector_t jail_get_scd_get_process (rsbac_pid_t pid)
static rsbac_jail_scd_vector_t jail_get_scd_modify_process (rsbac_pid_t pid)
static enum rsbac_adf_req_ret_t jail_check_sysrole (rsbac_uid_t owner, enum rsbac_system_role_t role)
enum rsbac_adf_req_ret_t rsbac_adf_request_jail (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner)
int rsbac_adf_set_attr_jail (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner)


Function Documentation

static enum rsbac_adf_req_ret_t jail_check_sysrole ( rsbac_uid_t  owner,
enum rsbac_system_role_t  role 
) [static]

Definition at line 159 of file jail_main.c.

References A_jail_role, GRANTED, NOT_GRANTED, rsbac_get_attr, SW_JAIL, rsbac_attribute_value_t::system_role, T_USER, TRUE, and rsbac_target_id_t::user.

Referenced by rsbac_adf_request_jail().

00161 {
00162         union rsbac_target_id_t i_tid;
00163         union rsbac_attribute_value_t i_attr_val1;
00164 
00165         i_tid.user = owner;
00166         if (rsbac_get_attr(SW_JAIL, T_USER, i_tid,
00167                            A_jail_role, &i_attr_val1, TRUE)) {
00168                 rsbac_ds_get_error("jail_check_sysrole()", A_jail_role);
00169                 return (NOT_GRANTED);
00170         }
00171         /* if correct role, then grant */
00172         if (i_attr_val1.system_role == role)
00173                 return (GRANTED);
00174         else
00175                 return (NOT_GRANTED);
00176 }

static rsbac_boolean_t jail_dev_tty ( struct rsbac_dev_desc_t  dev  )  [inline, static]

Definition at line 31 of file jail_main.c.

References D_char, FALSE, rsbac_dev_desc_t::major, TRUE, and rsbac_dev_desc_t::type.

Referenced by rsbac_adf_request_jail().

00032 {
00033         if (dev.type != D_char)
00034                 return FALSE;
00035         if (((dev.major >= 2)
00036              && (dev.major <= 4)
00037             )
00038             || ((dev.major >= 128)
00039                 && (dev.major <= 143)
00040             )
00041             )
00042                 return TRUE;
00043         else
00044                 return FALSE;
00045 }

static rsbac_jail_flags_t jail_get_flags_process ( rsbac_pid_t  pid  )  [static]

Definition at line 109 of file jail_main.c.

References A_jail_flags, rsbac_attribute_value_t::jail_flags, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.

Referenced by rsbac_adf_request_jail().

00110 {
00111         int err;
00112         union rsbac_target_id_t i_tid;
00113         union rsbac_attribute_value_t i_attr_val1;
00114 
00115         i_tid.process = pid;
00116         if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid,
00117                                   A_jail_flags, &i_attr_val1, TRUE))) {
00118                 rsbac_ds_get_error("jail_get_flags_process()",
00119                                    A_jail_flags);
00120                 return 0;
00121         } else
00122                 return i_attr_val1.jail_flags;
00123 }

static rsbac_jail_id_t jail_get_id ( enum rsbac_target_t  target,
union rsbac_target_id_t  tid 
) [static]

Definition at line 48 of file jail_main.c.

References A_jail_id, rsbac_attribute_value_t::jail_id, rsbac_get_attr, SW_JAIL, and TRUE.

Referenced by rsbac_adf_request_jail().

00049 {
00050         int err;
00051         union rsbac_attribute_value_t i_attr_val1;
00052 
00053         if ((err = rsbac_get_attr(SW_JAIL,
00054                                   target,
00055                                   tid, A_jail_id, &i_attr_val1, TRUE))) {
00056                 rsbac_ds_get_error("jail_get_id()", A_jail_id);
00057                 return 0;
00058         } else
00059                 return i_attr_val1.jail_id;
00060 }

static rsbac_jail_id_t jail_get_id_process ( rsbac_pid_t  pid  )  [static]

Definition at line 62 of file jail_main.c.

References A_jail_id, rsbac_attribute_value_t::jail_id, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.

Referenced by rsbac_adf_request_jail().

00063 {
00064         int err;
00065         union rsbac_target_id_t i_tid;
00066         union rsbac_attribute_value_t i_attr_val1;
00067 
00068         i_tid.process = pid;
00069         if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS,
00070                                   i_tid, A_jail_id, &i_attr_val1, TRUE))) {
00071                 rsbac_ds_get_error("jail_get_id_process()", A_jail_id);
00072                 return 0;
00073         } else
00074                 return i_attr_val1.jail_id;
00075 }

static rsbac_jail_id_t jail_get_parent_process ( rsbac_pid_t  pid  )  [inline, static]

Definition at line 77 of file jail_main.c.

References A_jail_parent, rsbac_attribute_value_t::jail_parent, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.

Referenced by rsbac_adf_request_jail().

00078 {
00079         int err;
00080         union rsbac_target_id_t i_tid;
00081         union rsbac_attribute_value_t i_attr_val1;
00082 
00083         i_tid.process = pid;
00084         if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS,
00085                                   i_tid, A_jail_parent, &i_attr_val1, TRUE))) {
00086                 rsbac_ds_get_error("jail_get_parent_process()", A_jail_parent);
00087                 return 0;
00088         } else
00089                 return i_attr_val1.jail_parent;
00090 }

static rsbac_jail_scd_vector_t jail_get_scd_get_process ( rsbac_pid_t  pid  )  [inline, static]

Definition at line 125 of file jail_main.c.

References A_jail_scd_get, rsbac_attribute_value_t::jail_scd_get, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.

Referenced by rsbac_adf_request_jail().

00126 {
00127         int err;
00128         union rsbac_target_id_t i_tid;
00129         union rsbac_attribute_value_t i_attr_val1;
00130 
00131         i_tid.process = pid;
00132         if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid,
00133                                   A_jail_scd_get, &i_attr_val1, TRUE))) {
00134                 rsbac_ds_get_error("jail_get_scd_get_process()",
00135                                    A_jail_scd_get);
00136                 return 0;
00137         } else
00138                 return i_attr_val1.jail_scd_get;
00139 }

static rsbac_jail_scd_vector_t jail_get_scd_modify_process ( rsbac_pid_t  pid  )  [inline, static]

Definition at line 141 of file jail_main.c.

References A_jail_scd_modify, rsbac_attribute_value_t::jail_scd_modify, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.

Referenced by rsbac_adf_request_jail().

00142 {
00143         int err;
00144         union rsbac_target_id_t i_tid;
00145         union rsbac_attribute_value_t i_attr_val1;
00146 
00147         i_tid.process = pid;
00148         if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid,
00149                                   A_jail_scd_modify,
00150                                   &i_attr_val1, TRUE))) {
00151                 rsbac_ds_get_error("jail_get_scd_modify_process()",
00152                                    A_jail_scd_modify);
00153                 return 0;
00154         } else
00155                 return i_attr_val1.jail_scd_modify;
00156 }

enum rsbac_adf_req_ret_t rsbac_adf_request_jail ( enum rsbac_adf_request_t  request,
rsbac_pid_t  caller_pid,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t  attr_val,
rsbac_uid_t  owner 
)

Definition at line 338 of file jail_main.c.

References A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_parent, A_jail_role, A_jail_scd_get, A_jail_scd_modify, A_none, A_system_role, rsbac_target_id_t::dev, DO_NOT_CARE, JAIL_allow_all_net_family, JAIL_allow_dev_get_status, JAIL_allow_dev_mod_system, JAIL_allow_dev_read, JAIL_allow_dev_write, JAIL_allow_external_ipc, JAIL_allow_ipc_to_syslog, JAIL_allow_mount, JAIL_allow_parent_ipc, JAIL_allow_suid_files, JAIL_allow_tty_open, jail_check_sysrole(), jail_dev_tty(), jail_get_flags_process(), jail_get_id(), jail_get_id_process(), jail_get_parent_process(), jail_get_scd_get_process(), jail_get_scd_modify_process(), KERNEL_VERSION, rsbac_target_id_t::netobj, NOT_GRANTED, rsbac_target_id_t::process, R_ACCEPT, R_ADD_TO_KERNEL, R_ALTER, R_APPEND_OPEN, R_BIND, R_CONNECT, R_CREATE, R_DELETE, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_LISTEN, R_MODIFY_ATTRIBUTE, R_MODIFY_PERMISSIONS_DATA, R_MODIFY_SYSTEM_DATA, R_MOUNT, R_READ, R_READ_ATTRIBUTE, R_READ_OPEN, R_READ_WRITE_OPEN, R_RECEIVE, R_REMOVE_FROM_KERNEL, R_SEND, R_SEND_SIGNAL, R_SHUTDOWN, R_SWITCH_LOG, R_SWITCH_MODULE, R_TRACE, R_UMOUNT, R_WRITE, R_WRITE_OPEN, rsbac_jail_syslog_jail_id, rsbac_pr_debug, rsbac_printk(), RSBAC_SCD_VECTOR, rsbac_target_id_t::scd, rsbac_net_obj_desc_t::sock_p, SR_administrator, SR_security_officer, SW_FREEZE, SW_JAIL, SW_SOFTMODE, T_DEV, T_DIR, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NONE, T_PROCESS, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, and UNDEFINED.

Referenced by rsbac_adf_request_int().

00345 {
00346         rsbac_jail_id_t jail_id;
00347         rsbac_jail_id_t jail_id_object;
00348         rsbac_jail_flags_t jail_flags;
00349 
00350         switch(target) {
00351         case T_DEV:
00352                 switch(request) {
00353                 case R_SEND:
00354                         if (jail_get_id_process(caller_pid))
00355                                 return NOT_GRANTED;
00356                         else
00357                                 return GRANTED;
00358                 case R_APPEND_OPEN:
00359                 case R_WRITE_OPEN:
00360                         if (jail_get_id_process(caller_pid)) {
00361                                 jail_flags =
00362                                     jail_get_flags_process(caller_pid);
00363                                 if (!(jail_flags & JAIL_allow_dev_write))
00364                                         return NOT_GRANTED;
00365                                 else if (jail_dev_tty(tid.dev)
00366                                          && !(jail_flags &
00367                                               JAIL_allow_tty_open)
00368                                     )
00369                                         return NOT_GRANTED;
00370                                 else
00371                                         return GRANTED;
00372                         } else
00373                                 return GRANTED;
00374                 case R_READ_OPEN:
00375                         if (jail_get_id_process(caller_pid)) {
00376                                 jail_flags =
00377                                     jail_get_flags_process(caller_pid);
00378                                 if (!(jail_flags & JAIL_allow_dev_read))
00379                                         return NOT_GRANTED;
00380                                 else if (jail_dev_tty(tid.dev)
00381                                          && !(jail_flags &
00382                                               JAIL_allow_tty_open)
00383                                     )
00384                                         return NOT_GRANTED;
00385                                 else
00386                                         return GRANTED;
00387                         } else
00388                                 return GRANTED;
00389                 case R_READ_WRITE_OPEN:
00390                         if (jail_get_id_process(caller_pid)) {
00391                                 jail_flags =
00392                                     jail_get_flags_process(caller_pid);
00393                                 if (!(jail_flags & JAIL_allow_dev_read)
00394                                     || !(jail_flags & JAIL_allow_dev_write)
00395                                     )
00396                                         return NOT_GRANTED;
00397                                 else if (jail_dev_tty(tid.dev)
00398                                          && !(jail_flags &
00399                                               JAIL_allow_tty_open)
00400                                     )
00401                                         return NOT_GRANTED;
00402                                 else
00403                                         return GRANTED;
00404                         } else
00405                                 return GRANTED;
00406                 case R_GET_STATUS_DATA:
00407                         if (jail_get_id_process(caller_pid)
00408                             && !(jail_get_flags_process(caller_pid) &
00409                                  JAIL_allow_dev_get_status)
00410                             )
00411                                 return NOT_GRANTED;
00412                         else
00413                                 return GRANTED;
00414                 case R_MODIFY_SYSTEM_DATA:
00415                         if (jail_get_id_process(caller_pid)
00416                             && !(jail_get_flags_process(caller_pid) &
00417                                  JAIL_allow_dev_mod_system)
00418                             )
00419                                 return NOT_GRANTED;
00420                         else
00421                                 return GRANTED;
00422                 case R_READ:
00423                         if (jail_get_id_process(caller_pid)
00424                             && !(jail_get_flags_process(caller_pid) &
00425                                  JAIL_allow_dev_read)
00426                             )
00427                                 return NOT_GRANTED;
00428                         else
00429                                 return GRANTED;
00430                 case R_WRITE:
00431                         if (jail_get_id_process(caller_pid)
00432                             && !(jail_get_flags_process(caller_pid) &
00433                                  JAIL_allow_dev_write)
00434                             )
00435                                 return NOT_GRANTED;
00436                         else
00437                                 return GRANTED;
00438                 default:
00439                         return DO_NOT_CARE;
00440                 }
00441         case T_DIR:
00442                 switch(request) {
00443                 case R_CREATE:
00444                         if (!jail_get_id_process(caller_pid))
00445                                 return GRANTED;
00446                         /* no mknod for devices or suid/sgid */
00447                         if ((attr == A_create_data)
00448                             && (S_ISCHR(attr_val.create_data.mode)
00449                                 || S_ISBLK(attr_val.create_data.mode)
00450                                 || ((attr_val.create_data.mode & (S_ISUID | S_ISGID))
00451                                     && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files)
00452                                    )
00453                             )
00454                             )
00455                                 return NOT_GRANTED;
00456                         else
00457                                 return GRANTED;
00458                 case R_MODIFY_PERMISSIONS_DATA:
00459                         if (jail_get_id_process(caller_pid)
00460                             && (attr == A_mode)
00461                             && (attr_val.mode & (S_ISUID | S_ISGID))
00462                             && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files)
00463                             )
00464                                 return NOT_GRANTED;
00465                         else
00466                                 return GRANTED;
00467                 default:
00468                         return DO_NOT_CARE;
00469                 }
00470         case T_FILE:
00471                 switch(request) {
00472                 case R_ADD_TO_KERNEL:
00473                 case R_REMOVE_FROM_KERNEL:
00474                         if (jail_get_id_process(caller_pid))
00475                                 return NOT_GRANTED;
00476                         else
00477                                 return GRANTED;
00478                 case R_MOUNT:
00479                 case R_UMOUNT:
00480                         if (!jail_get_id_process(caller_pid)
00481                             || (jail_get_flags_process(caller_pid) & JAIL_allow_mount)
00482                            )
00483                                 return GRANTED;
00484                         else
00485                                 return NOT_GRANTED;
00486                 case R_MODIFY_PERMISSIONS_DATA:
00487                         if (jail_get_id_process(caller_pid)
00488                             && (attr == A_mode)
00489                             && (attr_val.mode & (S_ISUID | S_ISGID))
00490                             && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files)
00491                             )
00492                                 return NOT_GRANTED;
00493                         else
00494                                 return GRANTED;
00495                 default:
00496                         return DO_NOT_CARE;
00497                 }
00498         case T_PROCESS:
00499                 switch(request) {
00500                 case R_GET_STATUS_DATA:
00501                 case R_SEND_SIGNAL:
00502                 case R_MODIFY_SYSTEM_DATA:
00503                 case R_TRACE:
00504                         jail_id = jail_get_id_process(caller_pid);
00505                         if (!jail_id
00506                             || (jail_id == jail_get_id(target, tid))
00507                             )
00508                                 return GRANTED;
00509                         else
00510                                 return NOT_GRANTED;
00511                 case R_MODIFY_ATTRIBUTE:
00512                         switch (attr) {
00513                         case A_jail_id:
00514                         case A_jail_ip:
00515                         case A_jail_flags:
00516                         case A_jail_max_caps:
00517                         case A_jail_parent:
00518                         case A_jail_scd_get:
00519                         case A_jail_scd_modify:
00520                         /* All attributes (remove target!) */
00521                         case A_none:
00522                                 if (jail_get_id_process(caller_pid))
00523                                         return NOT_GRANTED;
00524 
00525                                 /* Security Officer? */
00526                                 return jail_check_sysrole(owner,
00527                                                           SR_security_officer);
00528                         default:
00529                                 return DO_NOT_CARE;
00530                         }
00531                 case R_READ_ATTRIBUTE:
00532                         switch (attr) {
00533                         case A_jail_id:
00534                         case A_jail_ip:
00535                         case A_jail_flags:
00536                         case A_jail_max_caps:
00537                         case A_jail_parent:
00538                         case A_jail_scd_get:
00539                         case A_jail_scd_modify:
00540                         /* All attributes (remove target!) */
00541                         case A_none:
00542                                 if (jail_get_id_process(caller_pid))
00543                                         return NOT_GRANTED;
00544 
00545                                 /* Security Officer? */
00546                                 if (jail_check_sysrole(owner, SR_administrator) ==
00547                                     NOT_GRANTED)
00548                                         return jail_check_sysrole(owner,
00549                                                                   SR_security_officer);
00550                                 else
00551                                         return GRANTED;
00552                         default:
00553                                 return (DO_NOT_CARE);
00554                         }
00555                 default:
00556                         return DO_NOT_CARE;
00557                 }
00558         case T_UNIXSOCK:
00559                 switch(request) {
00560                 case R_SEND:
00561                 case R_CONNECT:
00562                 case R_LISTEN:
00563                 case R_ACCEPT:
00564                 case R_RECEIVE:
00565 #ifdef CONFIG_RSBAC_RW
00566                 case R_READ:
00567                 case R_WRITE:
00568 #endif
00569                 case R_BIND:
00570                         jail_id = jail_get_id_process(caller_pid);
00571                         if (!jail_id)
00572                                 return GRANTED;
00573                         if (attr == A_process) {
00574                                 union rsbac_target_id_t i_tid;
00575                                 rsbac_jail_id_t jail_id_parent;
00576 
00577                                 i_tid.process = attr_val.process;
00578                                 jail_id_parent = jail_get_parent_process(caller_pid);
00579                                 if((jail_id != (jail_id_object = jail_get_id(T_PROCESS, i_tid)))
00580                                    && !((jail_flags = jail_get_flags_process(caller_pid)) & JAIL_allow_external_ipc)
00581                                    && (!(jail_flags & JAIL_allow_parent_ipc)
00582                                         || (jail_id_object != jail_id_parent)
00583                                       )
00584                                    && (!(jail_flags & JAIL_allow_ipc_to_syslog)
00585                                         || (jail_id_object != rsbac_jail_syslog_jail_id)
00586                                       )
00587                                   ) {
00588                                         rsbac_pr_debug(adf_jail,
00589                                                 "process jail %u does not match partner process jail %u, parent jail is %u -> NOT_GRANTED!\n",
00590                                                 jail_id, jail_id_object, jail_id_parent);
00591                                         return NOT_GRANTED;
00592                                 }
00593                         } else {
00594                                 if(!(jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)) {
00595                                         rsbac_pr_debug(adf_jail,
00596                                                 "process jail is %u, no allow_ipc and partner process unknown -> NOT_GRANTED!\n",
00597                                                 jail_id);
00598                                         return NOT_GRANTED;
00599                                 }
00600                         }
00601                         return GRANTED;
00602                 default:
00603                         return DO_NOT_CARE;
00604                 }
00605 #ifdef CONFIG_RSBAC_NET_OBJ
00606         case T_NETOBJ:
00607                 switch(request) {
00608                 case R_SEND:
00609                 case R_RECEIVE:
00610                 case R_CONNECT:
00611                 case R_LISTEN:
00612                 case R_ACCEPT:
00613                 case R_GET_PERMISSIONS_DATA:
00614                 case R_MODIFY_PERMISSIONS_DATA:
00615                 case R_GET_STATUS_DATA:
00616                 case R_READ:
00617                 case R_WRITE:
00618                 case R_BIND:
00619                         if (!jail_get_id_process(caller_pid))
00620                                 return GRANTED;
00621                         return (jail_check_ip(caller_pid, tid));
00622                 case R_CREATE:
00623                         if (!jail_get_id_process(caller_pid))
00624                                 return GRANTED;
00625                         if (!tid.netobj.sock_p) {
00626                                 rsbac_printk(KERN_WARNING "rsbac_adf_request_jail(): NULL sock_p on CREATE!\n");
00627                                 return NOT_GRANTED;
00628                         }
00629                         if (!tid.netobj.sock_p->ops) {
00630                                 return DO_NOT_CARE;
00631                         }
00632                         switch (tid.netobj.sock_p->ops->family) {
00633                         case AF_UNIX:
00634                                 return (GRANTED);
00635 
00636                         case AF_INET:
00637                                 switch (tid.netobj.sock_p->type) {
00638                                 case SOCK_STREAM:
00639                                 case SOCK_DGRAM:
00640                                 case SOCK_RDM:
00641                                         if (tid.netobj.sock_p->sk
00642 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00643                                             && (tid.netobj.sock_p->sk->
00644                                                 sk_protocol == IPPROTO_RAW)
00645 #else
00646                                             && (tid.netobj.sock_p->sk->
00647                                                 protocol == IPPROTO_RAW)
00648 #endif
00649                                             ) {
00650                                                 jail_flags =
00651                                                     jail_get_flags_process
00652                                                     (caller_pid);
00653                                                 if (jail_flags &
00654                                                     JAIL_allow_inet_raw)
00655                                                         return (GRANTED);
00656                                                 else
00657                                                         return NOT_GRANTED;
00658                                         } else
00659                                                 return GRANTED;
00660 
00661                                 case SOCK_RAW:
00662                                         jail_flags =
00663                                             jail_get_flags_process
00664                                             (caller_pid);
00665                                         if (jail_flags &
00666                                             JAIL_allow_inet_raw)
00667                                                 return (GRANTED);
00668                                         else
00669                                                 return NOT_GRANTED;
00670 
00671                                 default:
00672                                         return (NOT_GRANTED);
00673                                 }
00674 
00675                         default:
00676                                 jail_flags =
00677                                     jail_get_flags_process(caller_pid);
00678                                 if (jail_flags & JAIL_allow_all_net_family)
00679                                         return (GRANTED);
00680                                 else
00681                                         return (NOT_GRANTED);
00682                         }
00683                 default:
00684                         return DO_NOT_CARE;
00685                 }
00686 #endif                          /* NET_OBJ */
00687         case T_IPC:
00688                 switch(request) {
00689                 case R_ALTER:
00690                 case R_APPEND_OPEN:
00691                 case R_WRITE_OPEN:
00692                 case R_READ_OPEN:
00693                 case R_READ_WRITE_OPEN:
00694                 case R_DELETE:
00695                 case R_MODIFY_PERMISSIONS_DATA:
00696                 case R_GET_STATUS_DATA:
00697                         jail_id = jail_get_id_process(caller_pid);
00698                         if (!jail_id
00699                             || (jail_id == (jail_id_object = jail_get_id(target, tid)))
00700                             || ((jail_flags = jail_get_flags_process(caller_pid)) &
00701                                 JAIL_allow_external_ipc)
00702                             || ((jail_flags & JAIL_allow_parent_ipc)
00703                                 && (jail_get_parent_process(caller_pid) == jail_id_object)
00704                                 )
00705                             || ((jail_flags & JAIL_allow_ipc_to_syslog)
00706                                 && (rsbac_jail_syslog_jail_id == jail_id_object)
00707                                 )
00708                             )
00709                                 return GRANTED;
00710                         else {
00711                                 rsbac_pr_debug(adf_jail,
00712                                         "process jail %u does not match IPC object jail %u -> NOT_GRANTED!\n",
00713                                         jail_id, jail_id_object);
00714                                 return NOT_GRANTED;
00715                         }
00716                 case R_CREATE:
00717                         return GRANTED;
00718                 case R_MODIFY_ATTRIBUTE:
00719                         switch (attr) {
00720                         case A_jail_id:
00721                         /* All attributes (remove target!) */
00722                         case A_none:
00723                                 if (jail_get_id_process(caller_pid))
00724                                         return NOT_GRANTED;
00725 
00726                                 /* Security Officer? */
00727                                 return jail_check_sysrole(owner,
00728                                                           SR_security_officer);
00729                         default:
00730                                 return DO_NOT_CARE;
00731                         }
00732                 case R_READ_ATTRIBUTE:
00733                         switch (attr) {
00734                         case A_jail_id:
00735                         /* All attributes (remove target!) */
00736                         case A_none:
00737                                 if (jail_get_id_process(caller_pid))
00738                                         return NOT_GRANTED;
00739 
00740                                 /* Security Officer? */
00741                                 if (jail_check_sysrole(owner, SR_administrator) ==
00742                                     NOT_GRANTED)
00743                                         return jail_check_sysrole(owner,
00744                                                                   SR_security_officer);
00745                                 else
00746                                         return GRANTED;
00747                         default:
00748                                 return (DO_NOT_CARE);
00749                         }
00750                 default:
00751                         jail_id = jail_get_id_process(caller_pid);
00752                         if (!jail_id)
00753                                 return GRANTED;
00754                         if((jail_flags = jail_get_flags_process(caller_pid)) &
00755                                         JAIL_allow_external_ipc)
00756                                 return GRANTED;
00757                         jail_id_object = jail_get_id(target, tid);
00758                         if((jail_flags & JAIL_allow_parent_ipc)
00759                            && (jail_get_parent_process(caller_pid) == jail_id_object))
00760                                 return GRANTED;
00761                         if((jail_flags & JAIL_allow_ipc_to_syslog)
00762                            && (rsbac_jail_syslog_jail_id == jail_id_object))
00763                                 return GRANTED;
00764                         if(jail_id != jail_id_object) {
00765                                 rsbac_pr_debug(adf_jail,
00766                                         "process jail %u does not match IPC object jail %u -> NOT_GRANTED!\n",
00767                                         jail_id, jail_id_object);
00768                                 return NOT_GRANTED;
00769                         }
00770                         if (attr == A_process) {
00771                                 union rsbac_target_id_t i_tid;
00772                                 rsbac_jail_id_t jail_id_parent;
00773 
00774                                 i_tid.process = attr_val.process;
00775                                 jail_id_parent = jail_get_parent_process(caller_pid);
00776                                 if((jail_id != (jail_id_object = jail_get_id(T_PROCESS, i_tid)))
00777                                    && !(jail_flags & JAIL_allow_external_ipc)
00778                                    && (!(jail_flags & JAIL_allow_parent_ipc)
00779                                         || (jail_id_object != jail_id_parent)
00780                                       )
00781                                   ) {
00782                                         rsbac_pr_debug(adf_jail,
00783                                                 "process jail %u does not match partner process jail %u, parent jail is %u -> NOT_GRANTED!\n",
00784                                                 jail_id, jail_id_object, jail_id_parent);
00785                                         return NOT_GRANTED;
00786                                 }
00787                         }
00788                         return GRANTED;
00789                 }
00790         case T_FIFO:
00791         case T_SYMLINK:
00792                 switch(request) {
00793                 case R_MODIFY_PERMISSIONS_DATA:
00794                         if (jail_get_id_process(caller_pid)
00795                             && (attr == A_mode)
00796                             && (attr_val.mode & (S_ISUID | S_ISGID))
00797                             && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files)
00798                             )
00799                                 return NOT_GRANTED;
00800                         else
00801                                 return GRANTED;
00802                 default:
00803                         return DO_NOT_CARE;
00804                 }
00805         case T_SCD:
00806                 switch(request) {
00807                 case R_MODIFY_PERMISSIONS_DATA:
00808                         if (jail_get_id_process(caller_pid))
00809                                 return NOT_GRANTED;
00810                         else
00811                                 return GRANTED;
00812                 case R_GET_STATUS_DATA:
00813                         if (jail_get_id_process(caller_pid)) {
00814                                 if (jail_get_scd_get_process(caller_pid) &
00815                                     RSBAC_SCD_VECTOR(tid.scd))
00816                                         return GRANTED;
00817                                 else
00818                                         return NOT_GRANTED;
00819                         } else
00820                                 return GRANTED;
00821                 case R_MODIFY_SYSTEM_DATA:
00822                         if (jail_get_id_process(caller_pid)) {
00823                                 if (jail_get_scd_modify_process(caller_pid)
00824                                     & RSBAC_SCD_VECTOR(tid.scd))
00825                                         return (GRANTED);
00826                                 else
00827                                         return NOT_GRANTED;
00828                         } else
00829                                 return GRANTED;
00830                 default:
00831                         return DO_NOT_CARE;
00832                 }
00833         case T_NONE:
00834                 switch(request) {
00835                 case R_ADD_TO_KERNEL:
00836                 case R_REMOVE_FROM_KERNEL:
00837                 case R_SHUTDOWN:
00838                         if (jail_get_id_process(caller_pid))
00839                                 return NOT_GRANTED;
00840                         else
00841                                 return GRANTED;
00842                 case R_SWITCH_LOG:
00843                         if (jail_get_id_process(caller_pid))
00844                                 return NOT_GRANTED;
00845                         /* test owner's fc_role */
00846                         return jail_check_sysrole(owner,
00847                                                   SR_security_officer);
00848                 case R_SWITCH_MODULE:
00849                         /* we need the switch_target */
00850                         if (attr != A_switch_target)
00851                                 return (UNDEFINED);
00852                         /* do not care for other modules */
00853                         if ((attr_val.switch_target != SW_JAIL)
00854 #ifdef CONFIG_RSBAC_SOFTMODE
00855                             && (attr_val.switch_target != SW_SOFTMODE)
00856 #endif
00857 #ifdef CONFIG_RSBAC_FREEZE
00858                             && (attr_val.switch_target != SW_FREEZE)
00859 #endif
00860                             )
00861                                 return (DO_NOT_CARE);
00862                         if (jail_get_id_process(caller_pid))
00863                                 return NOT_GRANTED;
00864                         /* test owner's fc_role */
00865                         return jail_check_sysrole(owner,
00866                                                   SR_security_officer);
00867 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
00868                 /* switching Linux DAC */
00869                 case R_MODIFY_PERMISSIONS_DATA:
00870                         if (jail_get_id_process(caller_pid))
00871                                 return NOT_GRANTED;
00872                         else
00873                                 return GRANTED;
00874 #endif
00875                 default:
00876                         return DO_NOT_CARE;
00877                 }
00878         case T_NETDEV:
00879                 switch(request) {
00880 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT
00881                 case R_MODIFY_SYSTEM_DATA:
00882                 case R_BIND:
00883                         if (jail_get_id_process(caller_pid))
00884                                 return NOT_GRANTED;
00885                         else
00886                                 return GRANTED;
00887 #endif
00888                 default:
00889                         return DO_NOT_CARE;
00890                 }
00891 
00892 #if defined(CONFIG_RSBAC_NET_OBJ)
00893         case T_NETTEMP:
00894                 switch(request) {
00895                 case R_CREATE:
00896                 case R_DELETE:
00897                 case R_WRITE:
00898                         if (jail_get_id_process(caller_pid))
00899                                 return NOT_GRANTED;
00900                         return jail_check_sysrole(owner, SR_security_officer);
00901                 case R_READ:
00902                         if (jail_get_id_process(caller_pid))
00903                                 return NOT_GRANTED;
00904                         if (jail_check_sysrole(owner, SR_security_officer)
00905                             == GRANTED)
00906                                 return GRANTED;
00907                         return jail_check_sysrole(owner, SR_administrator);
00908                 default:
00909                         return DO_NOT_CARE;
00910                 }
00911 #endif
00912 
00913         case T_USER:
00914                 switch(request) {
00915                 case R_MODIFY_ATTRIBUTE:
00916                         switch (attr) {
00917                         case A_system_role:
00918                         case A_jail_role:
00919                         /* All attributes (remove target!) */
00920                         case A_none:
00921                                 if (jail_get_id_process(caller_pid))
00922                                         return NOT_GRANTED;
00923 
00924                                 /* Security Officer? */
00925                                 return jail_check_sysrole(owner,
00926                                                           SR_security_officer);
00927                         default:
00928                                 return DO_NOT_CARE;
00929                         }
00930                 case R_READ_ATTRIBUTE:
00931                         switch (attr) {
00932                         case A_system_role:
00933                         case A_jail_role:
00934                         /* All attributes (remove target!) */
00935                         case A_none:
00936                                 if (jail_get_id_process(caller_pid))
00937                                         return NOT_GRANTED;
00938 
00939                                 /* Security Officer? */
00940                                 if (jail_check_sysrole(owner, SR_administrator) ==
00941                                     NOT_GRANTED)
00942                                         return jail_check_sysrole(owner,
00943                                                                   SR_security_officer);
00944                                 else
00945                                         return GRANTED;
00946                         default:
00947                                 return (DO_NOT_CARE);
00948                         }
00949                 default:
00950                         return DO_NOT_CARE;
00951                 }
00952 
00953         /* all other cases are unknown */
00954         default:
00955                 return DO_NOT_CARE;
00956         }
00957 }

int rsbac_adf_set_attr_jail ( enum rsbac_adf_request_t  request,
rsbac_pid_t  caller_pid,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_target_t  new_target,
union rsbac_target_id_t  new_tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t  attr_val,
rsbac_uid_t  owner 
)

Definition at line 969 of file jail_main.c.

References A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_scd_get, A_jail_scd_modify, FALSE, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_target_id_t::netobj, rsbac_target_id_t::process, R_BIND, R_CHANGE_OWNER, R_CLONE, R_CREATE, R_EXECUTE, RSBAC_EREADFAILED, RSBAC_EWRITEFAILED, rsbac_get_attr, rsbac_printk(), rsbac_set_attr, rsbac_net_obj_desc_t::sock_p, SW_JAIL, T_FILE, T_IPC, T_NETOBJ, T_PROCESS, and TRUE.

Referenced by rsbac_adf_set_attr().

00978 {
00979 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST
00980         int err;
00981 #endif
00982         union rsbac_target_id_t i_tid;
00983         union rsbac_attribute_value_t i_attr_val1;
00984         union rsbac_attribute_value_t i_attr_val2;
00985 
00986         switch (request) {
00987         case R_CHANGE_OWNER:
00988                 switch (target) {
00989                 case T_PROCESS:
00990                         /* Adjust Linux caps */
00991                         i_tid.process = caller_pid;
00992 #ifdef CONFIG_RSBAC_SOFTMODE
00993                         if (!rsbac_softmode)
00994 #endif
00995                         {
00996                                 if (rsbac_get_attr(SW_JAIL,
00997                                                    T_PROCESS,
00998                                                    i_tid,
00999                                                    A_jail_max_caps,
01000                                                    &i_attr_val1, FALSE)) {
01001                                         rsbac_ds_get_error
01002                                             ("rsbac_adf_set_attr_jail()",
01003                                              A_jail_max_caps);
01004                                 } else {
01005                                         extern spinlock_t
01006                                             task_capability_lock;
01007 
01008                                         /* set caps for process */
01009                                         spin_lock(&task_capability_lock);
01010                                         current->cap_permitted &=
01011                                             i_attr_val1.jail_max_caps;
01012                                         current->cap_effective &=
01013                                             i_attr_val1.jail_max_caps;
01014                                         current->cap_inheritable &=
01015                                             i_attr_val1.jail_max_caps;
01016                                         spin_unlock(&task_capability_lock);
01017                                 }
01018                         }
01019                         return 0;
01020 
01021                 /* all other cases are unknown */
01022                 default:
01023                         return 0;
01024                 }
01025 
01026         case R_CLONE:
01027                 if (target == T_PROCESS) {
01028                         union rsbac_attribute_value_t i_attr_val3;
01029                         union rsbac_attribute_value_t i_attr_val4;
01030                         union rsbac_attribute_value_t i_attr_val5;
01031                         union rsbac_attribute_value_t i_attr_val6;
01032 
01033                         /* Get jail_id from first process */
01034                         if (rsbac_get_attr(SW_JAIL,
01035                                            T_PROCESS,
01036                                            tid,
01037                                            A_jail_id,
01038                                            &i_attr_val1, FALSE)) {
01039                                 rsbac_ds_get_error
01040                                     ("rsbac_adf_set_attr_jail()",
01041                                      A_jail_id);
01042                                 return (-RSBAC_EREADFAILED);
01043                         }
01044                         /* Do not copy anything, if not jailed - defaults are fine */
01045                         if(!i_attr_val1.jail_id)
01046                           return 0;
01047                         /* Get jail_ip from first process */
01048                         if (rsbac_get_attr(SW_JAIL,
01049                                            T_PROCESS,
01050                                            tid,
01051                                            A_jail_ip,
01052                                            &i_attr_val2, FALSE)) {
01053                                 rsbac_ds_get_error
01054                                     ("rsbac_adf_set_attr_jail()",
01055                                      A_jail_ip);
01056                                 return (-RSBAC_EREADFAILED);
01057                         }
01058                         /* Get jail_flags from first process */
01059                         if (rsbac_get_attr(SW_JAIL,
01060                                            T_PROCESS,
01061                                            tid,
01062                                            A_jail_flags,
01063                                            &i_attr_val3, FALSE)) {
01064                                 rsbac_ds_get_error
01065                                     ("rsbac_adf_set_attr_jail()",
01066                                      A_jail_flags);
01067                                 return (-RSBAC_EREADFAILED);
01068                         }
01069                         /* Get jail_max_caps from first process */
01070                         if (rsbac_get_attr(SW_JAIL,
01071                                            T_PROCESS,
01072                                            tid,
01073                                            A_jail_max_caps,
01074                                            &i_attr_val4, FALSE)) {
01075                                 rsbac_ds_get_error
01076                                     ("rsbac_adf_set_attr_jail()",
01077                                      A_jail_max_caps);
01078                                 return (-RSBAC_EREADFAILED);
01079                         }
01080                         /* Get jail_scd_get from first process */
01081                         if (rsbac_get_attr(SW_JAIL,
01082                                            T_PROCESS,
01083                                            tid,
01084                                            A_jail_scd_get,
01085                                            &i_attr_val5, FALSE)) {
01086                                 rsbac_ds_get_error
01087                                     ("rsbac_adf_set_attr_jail()",
01088                                      A_jail_scd_get);
01089                                 return (-RSBAC_EREADFAILED);
01090                         }
01091                         /* Get jail_scd_modify from first process */
01092                         if (rsbac_get_attr(SW_JAIL,
01093                                            T_PROCESS,
01094                                            tid,
01095                                            A_jail_scd_modify,
01096                                            &i_attr_val6, FALSE)) {
01097                                 rsbac_ds_get_error
01098                                     ("rsbac_adf_set_attr_jail()",
01099                                      A_jail_scd_modify);
01100                                 return (-RSBAC_EREADFAILED);
01101                         }
01102                         /* Set jail_id for new process */
01103                         if (rsbac_set_attr(SW_JAIL,
01104                                            T_PROCESS,
01105                                            new_tid,
01106                                            A_jail_id, i_attr_val1)) {
01107                                 rsbac_ds_set_error
01108                                     ("rsbac_adf_set_attr_jail()",
01109                                      A_jail_id);
01110                                 return (-RSBAC_EWRITEFAILED);
01111                         }
01112                         /* Set jail_ip for new process */
01113                         if (rsbac_set_attr(SW_JAIL,
01114                                            T_PROCESS,
01115                                            new_tid,
01116                                            A_jail_ip, i_attr_val2)) {
01117                                 rsbac_ds_set_error
01118                                     ("rsbac_adf_set_attr_jail()",
01119                                      A_jail_ip);
01120                                 return (-RSBAC_EWRITEFAILED);
01121                         }
01122                         /* Set jail_flags for new process */
01123                         if (rsbac_set_attr(SW_JAIL,
01124                                            T_PROCESS,
01125                                            new_tid,
01126                                            A_jail_flags, i_attr_val3)) {
01127                                 rsbac_ds_set_error
01128                                     ("rsbac_adf_set_attr_jail()",
01129                                      A_jail_flags);
01130                                 return (-RSBAC_EWRITEFAILED);
01131                         }
01132                         /* Set jail_max_caps for new process */
01133                         if (rsbac_set_attr(SW_JAIL,
01134                                            T_PROCESS,
01135                                            new_tid,
01136                                            A_jail_max_caps, i_attr_val4)) {
01137                                 rsbac_ds_set_error
01138                                     ("rsbac_adf_set_attr_jail()",
01139                                      A_jail_max_caps);
01140                                 return (-RSBAC_EWRITEFAILED);
01141                         }
01142                         /* Set jail_scd_get for new process */
01143                         if (rsbac_set_attr(SW_JAIL,
01144                                            T_PROCESS,
01145                                            new_tid,
01146                                            A_jail_scd_get, i_attr_val5)) {
01147                                 rsbac_ds_set_error
01148                                     ("rsbac_adf_set_attr_jail()",
01149                                      A_jail_scd_get);
01150                                 return (-RSBAC_EWRITEFAILED);
01151                         }
01152                         /* Set jail_scd_modify for new process */
01153                         if (rsbac_set_attr(SW_JAIL,
01154                                            T_PROCESS,
01155                                            new_tid,
01156                                            A_jail_scd_modify,
01157                                            i_attr_val6)) {
01158                                 rsbac_ds_set_error
01159                                     ("rsbac_adf_set_attr_jail()",
01160                                      A_jail_scd_modify);
01161                                 return (-RSBAC_EWRITEFAILED);
01162                         }
01163                         return 0;
01164                 } else
01165                         return 0;
01166 
01167         case R_EXECUTE:
01168                 switch (target) {
01169                 case T_FILE:
01170                         /* Adjust Linux caps */
01171                         i_tid.process = caller_pid;
01172 #ifdef CONFIG_RSBAC_SOFTMODE
01173                         if (!rsbac_softmode)
01174 #endif
01175                         {
01176                                 if (rsbac_get_attr(SW_JAIL,
01177                                                    T_PROCESS,
01178                                                    i_tid,
01179                                                    A_jail_max_caps,
01180                                                    &i_attr_val1, FALSE)) {
01181                                         rsbac_ds_get_error
01182                                             ("rsbac_adf_set_attr_jail()",
01183                                              A_jail_max_caps);
01184                                 } else {
01185                                         extern spinlock_t
01186                                             task_capability_lock;
01187 
01188                                         /* set caps for process */
01189                                         spin_lock(&task_capability_lock);
01190                                         current->cap_permitted &=
01191                                             i_attr_val1.jail_max_caps;
01192                                         current->cap_effective &=
01193                                             i_attr_val1.jail_max_caps;
01194                                         current->cap_inheritable &=
01195                                             i_attr_val1.jail_max_caps;
01196                                         spin_unlock(&task_capability_lock);
01197                                 }
01198                         }
01199                         return 0;
01200 
01201                 /* all other cases are unknown */
01202                 default:
01203                         return 0;
01204                 }
01205 
01206         case R_CREATE:
01207                 if (target == T_IPC) {
01208                         /* Get jail_id from process */
01209                         i_tid.process = caller_pid;
01210                         if (rsbac_get_attr(SW_JAIL,
01211                                            T_PROCESS,
01212                                            i_tid,
01213                                            A_jail_id,
01214                                            &i_attr_val1, FALSE)) {
01215                                 rsbac_ds_get_error
01216                                     ("rsbac_adf_set_attr_jail()",
01217                                      A_jail_id);
01218                                 return (-RSBAC_EREADFAILED);
01219                         }
01220                         /* Set jail_id for new IPC */
01221                         if (rsbac_set_attr(SW_JAIL,
01222                                            T_IPC,
01223                                            tid, A_jail_id, i_attr_val1)) {
01224                                 rsbac_ds_set_error
01225                                     ("rsbac_adf_set_attr_jail()",
01226                                      A_jail_id);
01227                                 return (-RSBAC_EWRITEFAILED);
01228                         }
01229                         return 0;
01230                 }
01231                 /* fall through */
01232 
01233 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST
01234         case R_BIND:
01235                 if (target != T_NETOBJ)
01236                         return 0;
01237                 if (!tid.netobj.sock_p) {
01238                         rsbac_printk(KERN_WARNING
01239                                      "rsbac_adf_set_attr_jail(): NULL sock_p!\n");
01240                         return 0;
01241                 }
01242                 if (!tid.netobj.sock_p->ops) {
01243                         return 0;
01244                 }
01245                 switch (tid.netobj.sock_p->ops->family) {
01246                 case AF_INET:
01247                         i_tid.process = caller_pid;
01248                         if ((err = rsbac_get_attr(SW_JAIL,
01249                                                   T_PROCESS,
01250                                                   i_tid,
01251                                                   A_jail_ip,
01252                                                   &i_attr_val1, TRUE))) {
01253                                 rsbac_ds_get_error
01254                                     ("rsbac_adf_set_attr_jail()",
01255                                      A_jail_ip);
01256                                 return -RSBAC_EREADFAILED;
01257                         }
01258                         if (i_attr_val1.jail_ip == INADDR_ANY)
01259                                 return 0;
01260                         if ((err = rsbac_get_attr(SW_JAIL,
01261                                                   T_PROCESS,
01262                                                   i_tid,
01263                                                   A_jail_flags,
01264                                                   &i_attr_val2, TRUE))) {
01265                                 rsbac_ds_get_error
01266                                     ("rsbac_adf_set_attr_jail()",
01267                                      A_jail_flags);
01268                                 return -RSBAC_EREADFAILED;
01269                         }
01270                         if (i_attr_val2.
01271                             jail_flags & JAIL_auto_adjust_inet_any) {
01272 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01273                                 inet_sk(tid.netobj.sock_p->sk)->rcv_saddr =
01274                                     i_attr_val1.jail_ip;
01275                                 inet_sk(tid.netobj.sock_p->sk)->saddr =
01276                                     i_attr_val1.jail_ip;
01277 #else
01278                                 tid.netobj.sock_p->sk->rcv_saddr =
01279                                     i_attr_val1.jail_ip;
01280                                 tid.netobj.sock_p->sk->saddr =
01281                                     i_attr_val1.jail_ip;
01282 #endif
01283                         }
01284                         return 0;
01285 
01286                 default:
01287                         break;
01288                 }
01289 #endif
01290                 return 0;
01291         default:
01292                 return 0;
01293         }
01294 
01295         return 0;
01296 }


Generated on Wed May 16 11:54:12 2007 for RSBAC by  doxygen 1.5.1