/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
char *ptr;
char line[LINE_SIZE];
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
/* Can't seek (pwrite) on this device */
return -ENOIOCTLCMD;
case MTRRIOC_ADD_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
break;
case MTRRIOC_SET_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
break;
case MTRRIOC_DEL_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
break;
case MTRRIOC_KILL_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
break;
case MTRRIOC_ADD_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
break;
case MTRRIOC_SET_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
break;
case MTRRIOC_DEL_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
break;
case MTRRIOC_KILL_PAGE_ENTRY:
- if (!suser ())
+ if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
if (ctlr > MAX_CTLR || hba[ctlr] == NULL)
return -ENXIO;
- if (!suser() && ida_sizes[(ctlr << CTLR_SHIFT) +
+ if (!capable(CAP_SYS_RAWIO) && ida_sizes[(ctlr << CTLR_SHIFT) +
minor(inode->i_rdev)] == 0)
return -ENXIO;
* but I'm already using way to many device nodes to claim another one
* for "raw controller".
*/
- if (suser()
+ if (capable(CAP_SYS_ADMIN)
&& ida_sizes[(ctlr << CTLR_SHIFT) + minor(inode->i_rdev)] == 0
&& minor(inode->i_rdev) != 0)
return -ENXIO;
case BLKRRPART:
return revalidate_logvol(inode->i_rdev, 1);
case IDAPASSTHRU:
- if (!suser()) return -EPERM;
+ if (!capable(CAP_SYS_RAWIO)) return -EPERM;
error = copy_from_user(&my_io, io, sizeof(my_io));
if (error) return error;
error = ida_ctlr_ioctl(ctlr, dsk, &my_io);
if (devnum >= floppy_count)
return -ENODEV;
- if ((cmd & 0x80) && !suser())
+ if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
if (devnum >= floppy_count)
return -ENODEV;
- if ((cmd & 0x80) && !suser())
+ if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
old_flags = pCh->flags;
old_baud_divisor = pCh->BaudDivisor;
- if ( !suser() ) {
+ if ( !capable(CAP_SYS_ADMIN) ) {
if ( ( ns.close_delay != pCh->ClosingDelay ) ||
( (ns.flags & ~ASYNC_USR_MASK) !=
(pCh->flags & ~ASYNC_USR_MASK) ) ) {
(new_serial.baud_base != 921600))
return (-EPERM);
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if (((new_serial.flags & ~ASYNC_USR_MASK) !=
(info->asyncflags & ~ASYNC_USR_MASK)))
return (-EPERM);
flags = info->flags & ASYNC_SPD_MASK;
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.baud_base != info->baud_base) ||
(new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ~ASYNC_USR_MASK) !=
func_enter();
/* The "dev" argument isn't used. */
- rc = -riocontrol (p, 0, cmd, (void *)arg, suser ());
+ rc = -riocontrol (p, 0, cmd, (void *)arg, capable(CAP_SYS_ADMIN));
func_exit ();
return rc;
if (copy_from_user(&new_serial, new_info, sizeof(new_serial)))
return -EFAULT;
-#ifdef CAP_SYS_ADMIN
if (!capable(CAP_SYS_ADMIN))
-#else
- if (!suser())
-#endif
{
if ((new_serial.flags & ~ROCKET_USR_MASK) !=
(info->flags & ~ROCKET_USR_MASK))
return -EFAULT;
old_info = *info;
- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ASYNC_FLAGS & ~ASYNC_USR_MASK) !=
(info->flags & ASYNC_FLAGS & ~ASYNC_USR_MASK)))
retval = -ENODEV;
filp->f_flags = saved_flags;
- if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
+ if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
retval = -EBUSY;
if (retval) {
{
char ch, mbz = 0;
- if ((current->tty != tty) && !suser())
+ if ((current->tty != tty) && !capable(CAP_SYS_ADMIN))
return -EPERM;
if (get_user(ch, arg))
return -EFAULT;
{
if (IS_SYSCONS_DEV(inode->i_rdev) ||
IS_CONSOLE_DEV(inode->i_rdev)) {
- if (!suser())
+ if (!capable(CAP_SYS_ADMIN))
return -EPERM;
redirect = NULL;
return 0;
* This tty is already the controlling
* tty for another session group!
*/
- if ((arg == 1) && suser()) {
+ if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
/*
* Steal it away
*/
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
perm = 1;
kbd = kbd_table + console;
{
struct kbd_repeat kbrep;
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
if (copy_from_user(&kbrep, (void *)arg,
case KDGETKEYCODE:
case KDSETKEYCODE:
- if(!capable(CAP_SYS_ADMIN))
+ if(!capable(CAP_SYS_TTY_CONFIG))
perm=0;
return do_kbkeycode_ioctl(cmd, (struct kbkeycode *)arg, perm);
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 0;
return 0;
case VIDIOCSFBUF:
{
struct video_buffer v;
-#if LINUX_VERSION_CODE >= 0x020100
- if(!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_ADMIN))
-#else
- if(!suser())
-#endif
+ if(!capable(CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user(&v, arg,sizeof(v)))
return -EFAULT;
err = unbind_request(i, &buf.bind_info);
break;
case DS_BIND_MTD:
- if (!suser()) return -EPERM;
+ if (!capable(CAP_SYS_ADMIN)) return -EPERM;
err = bind_mtd(i, &buf.mtd_info);
break;
default:
/*
* Superuser-mode settings affect the driver overall ---
*/
- if (!suser()) {
+ if (!capable(CAP_SYS_TTY_CONFIG)) {
return -EPERM;
} else if (strncmp(mybuf, "index=", 6) == 0) {
tty3270_proc_index = simple_strtoul(mybuf + 6, 0,0);
// must be super user to send stuff directly to the
// controller and/or physical drives...
- if( !capable(CAP_SYS_ADMIN) )
+ if( !capable(CAP_SYS_RAWIO) )
return -EPERM;
// copy the caller's struct to our space.
/*
* There is not enough space for user on the device
*/
- if (!fsuser() && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
+ if (!capable(CAP_SYS_RESOURCE) && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
unlock_super (sb);
UFSD(("EXIT (FAILED)\n"))
return 0;
projects / linux / commitdiff