diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/fs/attr.c linux-2.6.9-vs1.9.3-w03-h1/fs/attr.c
--- linux-2.6.9-vs1.9.3-w02-c1/fs/attr.c 2005-01-13 13:19:12.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/fs/attr.c 2005-01-13 13:19:35.000000000 +0100
@@ -64,22 +64,19 @@ int inode_change_ok(struct inode *inode,
 goto fine;
 if (IS_BARRIER(inode)) {
- printk(KERN_WARNING
- "VSW: xid=%d messing with the barrier.\n",
+ vxwprintk(1, "xid=%d messing with the barrier.",
 vx_current_xid());
 goto error;
 }
 switch (inode->i_sb->s_magic) {
 case PROC_SUPER_MAGIC:
- printk(KERN_WARNING
- "VSW: xid=%d messing with the procfs.\n",
+ vxwprintk(1, "xid=%d messing with the procfs.",
 vx_current_xid());
 goto error;
 case DEVPTS_SUPER_MAGIC:
 if (vx_check(inode->i_xid, VX_IDENT))
 goto fine;
- printk(KERN_WARNING
- "VSW: xid=%d messing with the devpts.\n",
+ vxwprintk(1, "xid=%d messing with the devpts.",
 vx_current_xid());
 goto error;
 }
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/fs/ext2/inode.c linux-2.6.9-vs1.9.3-w03-h1/fs/ext2/inode.c
--- linux-2.6.9-vs1.9.3-w02-c1/fs/ext2/inode.c 2005-01-13 12:40:41.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/fs/ext2/inode.c 2005-01-13 13:19:35.000000000 +0100
@@ -1030,7 +1030,7 @@ void ext2_set_inode_flags(struct inode *
 {
 unsigned int flags = EXT2_I(inode)->i_flags;
- inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
+ inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_BARRIER|S_NOATIME|S_DIRSYNC);
 if (flags & EXT2_SYNC_FL)
 inode->i_flags |= S_SYNC;
 if (flags & EXT2_APPEND_FL)
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/fs/ext3/inode.c linux-2.6.9-vs1.9.3-w03-h1/fs/ext3/inode.c
--- linux-2.6.9-vs1.9.3-w02-c1/fs/ext3/inode.c 2005-01-13 12:40:41.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/fs/ext3/inode.c 2005-01-13 13:19:35.000000000 +0100
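Review bot: All three `vxwprintk(1, ...)` calls in `inode_change_ok` pass a constant `1` as the first argument, so every rejected attribute change from a guest context produces a host log line at a rate the guest controls (this assumes that argument is the enable condition, which the macro definition outside this diff would confirm). The same pattern appears in the new messages in `xid_permission` and `do_lookup` in fs/namei.c, which sit on much hotter paths. A rate-limited condition such as `vxwprintk(printk_ratelimit(), "xid=%d messing with the barrier.", vx_current_xid());` would keep the warning useful for detection without letting one context flood the log.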
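Review bot: The mask in `ext2_set_inode_flags` now clears `S_IUNLINK` and `S_BARRIER`, but the hunk ends at the `EXT2_APPEND_FL` test and does not show either bit being set again from the on-disk flags. If the remainder of the function (outside this hunk) has no matching re-set for both bits, every flag refresh would silently drop the barrier from the in-core inode, and the `IS_BARRIER(inode)` checks elsewhere in this patch would stop firing. The identical change in `ext3_set_inode_flags` needs the same confirmation. A one-line comment above the mask, e.g. `/* every bit cleared here must be re-derived from the on-disk flags below */`, would make the invariant explicit.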
@@ -2482,7 +2482,7 @@ void ext3_set_inode_flags(struct inode *
 {
 unsigned int flags = EXT3_I(inode)->i_flags;
- inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
+ inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_BARRIER|S_NOATIME|S_DIRSYNC);
 if (flags & EXT3_SYNC_FL)
 inode->i_flags |= S_SYNC;
 if (flags & EXT3_APPEND_FL)
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/fs/namei.c linux-2.6.9-vs1.9.3-w03-h1/fs/namei.c
--- linux-2.6.9-vs1.9.3-w02-c1/fs/namei.c 2005-01-13 13:19:12.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/fs/namei.c 2005-01-13 13:19:35.000000000 +0100
@@ -214,15 +214,19 @@ int vfs_permission(struct inode * inode,
 static inline int xid_permission(struct inode *inode, int mask, struct nameidata *nd)
 {
+ if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN)) {
+ vxwprintk(1, "xid=%d did hit the barrier.",
+ vx_current_xid());
+ return -EACCES;
+ }
 if (inode->i_xid == 0)
 return 0;
 if (vx_check(inode->i_xid, VX_ADMIN|VX_WATCH|VX_IDENT))
 return 0;
-/*
- printk("VSW: xid=%d denied access to %p[#%d,%lu] »%*s«.\n",
+
+ vxwprintk(1, "xid=%d denied access to %p[#%d,%lu] »%s«.",
 vx_current_xid(), inode, inode->i_xid, inode->i_ino,
- nd->dentry->d_name.len, nd->dentry->d_name.name);
-*/
+ vxd_path(nd->dentry, nd->mnt));
 return -EACCES;
 }
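Review bot: The re-enabled denial message in `xid_permission` dereferences `nd` unconditionally through `vxd_path(nd->dentry, nd->mnt)`, whereas the only old code that touched `nd` was commented out. The callers are outside this hunk, but permission checks in this kernel generation are commonly invoked with a NULL `nameidata`; if any such caller reaches this path, a denied access from a guest context becomes a kernel NULL dereference instead of a clean `-EACCES`. Guard the argument, for example `nd ? vxd_path(nd->dentry, nd->mnt) : "?"` (assuming `vxd_path` yields a string, as the `%s` implies), or omit the path when `nd` is NULL. The new barrier branch above it does not use `nd` and is unaffected.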
@@ -638,15 +642,33 @@ static int do_lookup(struct nameidata *n
 {
 struct vfsmount *mnt = nd->mnt;
 struct dentry *dentry = __d_lookup(nd->dentry, name);
+ struct inode *inode;
 if (!dentry)
 goto need_lookup;
 if (dentry->d_op && dentry->d_op->d_revalidate)
 goto need_revalidate;
+ inode = dentry->d_inode;
+ if (!inode)
+ goto done;
+ if (!vx_check(inode->i_xid, VX_WATCH|VX_HOSTID|VX_IDENT))
+ goto hidden;
+ if (inode->i_sb->s_magic == PROC_SUPER_MAGIC) {
+ struct proc_dir_entry *de = PDE(inode);
+
+ if (de && !vx_hide_check(0, de->vx_flags))
+ goto hidden;
+ }
 done:
 path->mnt = mnt;
 path->dentry = dentry;
 return 0;
+hidden:
+ vxwprintk(1, "xid=%d did lookup hidden %p[#%d,%lu] »%s«.",
+ vx_current_xid(), inode, inode->i_xid, inode->i_ino,
+ vxd_path(dentry, mnt));
+ dput(dentry);
+ return -ENOENT;
 need_lookup:
 dentry = real_lookup(nd->dentry, name, nd);
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/fs/proc/generic.c linux-2.6.9-vs1.9.3-w03-h1/fs/proc/generic.c
--- linux-2.6.9-vs1.9.3-w02-c1/fs/proc/generic.c 2005-01-13 13:19:12.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/fs/proc/generic.c 2005-01-13 13:19:35.000000000 +0100
@@ -352,15 +352,8 @@ static int proc_delete_dentry(struct den
 return 1;
 }
-static int proc_revalidate_dentry(struct dentry *de, struct nameidata *nd)
-{
- /* maybe add a check if it's really necessary? */
- return 0;
-}
-
 static struct dentry_operations proc_dentry_operations = {
- .d_revalidate = proc_revalidate_dentry,
 .d_delete = proc_delete_dentry,
 };
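Review bot: The new xid and `vx_hide_check` tests in `do_lookup` run only on the cached fast path: they sit above `done:`, while a dcache miss jumps to `need_lookup` and a dentry with `d_revalidate` jumps to `need_revalidate` before reaching them. Both slow paths continue outside this hunk; if they rejoin at `done:`, the first lookup of a hidden entry would succeed and only later cached lookups would return `-ENOENT`. Either confirm that the filesystems' own `->lookup()` and revalidate handlers enforce the same hiding and record that in a comment such as `/* slow paths rely on ->lookup() to hide foreign entries */`, or move the checks below `done:` so that every path passes through them.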
@@ -387,7 +380,8 @@ struct dentry *proc_lookup(struct inode
 error = -EINVAL;
 inode = proc_get_inode(dir->i_sb, ino, de);
- inode->i_xid = vx_current_xid();
+ /* generic proc entries belong to the host */
+ inode->i_xid = 0;
 break;
 }
 }
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/include/linux/vs_context.h.orig linux-2.6.9-vs1.9.3-w03-h1/include/linux/vs_context.h.orig
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/include/linux/vs_network.h linux-2.6.9-vs1.9.3-w03-h1/include/linux/vs_network.h
--- linux-2.6.9-vs1.9.3-w02-c1/include/linux/vs_network.h 2005-01-13 13:39:03.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/include/linux/vs_network.h 2005-01-13 13:19:35.000000000 +0100
@@ -6,9 +6,6 @@
 #include "vserver/debug.h"
-extern int proc_pid_nx_info(struct task_struct *, char *);
-
-
 #define get_nx_info(i) __get_nx_info(i,__FILE__,__LINE__)
 static inline struct nx_info *__get_nx_info(struct nx_info *nxi,
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/include/linux/vserver/context.h linux-2.6.9-vs1.9.3-w03-h1/include/linux/vserver/context.h
--- linux-2.6.9-vs1.9.3-w02-c1/include/linux/vserver/context.h 2005-01-13 13:39:03.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/include/linux/vserver/context.h 2005-01-13 13:19:35.000000000 +0100
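Review bot: `inode->i_xid = 0;` in `proc_lookup` writes through the result of `proc_get_inode()` with no NULL test visible in the hunk, and the `error = -EINVAL` set just before it suggests a failed lookup is meant to be handled after the loop, outside this hunk. If `proc_get_inode()` can return NULL here, the assignment faults before that handling is reached; `if (inode) inode->i_xid = 0;` avoids it. Separately, tagging generic entries with xid 0 means `xid_permission` returns 0 for them in every context through its `inode->i_xid == 0` early exit, so hiding of host-only entries rests on the `vx_hide_check` added to `do_lookup`; the new comment should say so.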
@@ -145,8 +145,6 @@ extern int vx_info_is_hashed(xid_t);
 extern int vx_migrate_task(struct task_struct *, struct vx_info *);
-extern int proc_pid_vx_info(struct task_struct *, char *);
-
 extern long vs_context_state(unsigned int);
 #endif /* __KERNEL__ */
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/include/linux/vserver/context.h.orig linux-2.6.9-vs1.9.3-w03-h1/include/linux/vserver/context.h.orig
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/kernel/vserver/context.c.orig linux-2.6.9-vs1.9.3-w03-h1/kernel/vserver/context.c.orig
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/kernel/vserver/inode.c linux-2.6.9-vs1.9.3-w03-h1/kernel/vserver/inode.c
--- linux-2.6.9-vs1.9.3-w02-c1/kernel/vserver/inode.c 2005-01-13 13:39:03.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/kernel/vserver/inode.c 2005-01-13 13:19:35.000000000 +0100
@@ -26,6 +26,8 @@
 static int __vc_get_iattr(struct inode *in, uint32_t *xid, uint32_t *flags, uint32_t *mask)
 {
+ struct proc_dir_entry *entry;
+
 if (!in || !in->i_sb)
 return -ESRCH;
@@ -43,8 +45,9 @@ static int __vc_get_iattr(struct inode *
 *mask |= IATTR_XID;
 }
- if (in->i_sb->s_magic == PROC_SUPER_MAGIC) {
- struct proc_dir_entry *entry = PROC_I(in)->pde;
+ switch (in->i_sb->s_magic) {
+ case PROC_SUPER_MAGIC:
+ entry = PROC_I(in)->pde;
 // check for specific inodes ?
 if (entry)
@@ -53,6 +56,15 @@ static int __vc_get_iattr(struct inode *
 *flags |= (entry->vx_flags & IATTR_FLAGS);
 else
 *flags |= (PROC_I(in)->vx_flags & IATTR_FLAGS);
+ break;
+
+ case DEVPTS_SUPER_MAGIC:
+ *xid = in->i_xid;
+ *mask |= IATTR_XID;
+ break;
+
+ default:
+ break;
 }
 return 0;
 }
diff -NurpP --minimal linux-2.6.9-vs1.9.3-w02-c1/kernel/vserver/proc.c linux-2.6.9-vs1.9.3-w03-h1/kernel/vserver/proc.c
--- linux-2.6.9-vs1.9.3-w02-c1/kernel/vserver/proc.c 2005-01-13 13:18:53.000000000 +0100
+++ linux-2.6.9-vs1.9.3-w03-h1/kernel/vserver/proc.c 2005-01-13 13:19:35.000000000 +0100
@@ -828,7 +828,7 @@ void proc_vx_init(void)
 }
 proc_virtual = ent;
- ent = proc_mkdir("vnet", 0);
+ ent = proc_mkdir("virtnet", 0);
 if (ent) {
 ent->proc_fops = &proc_vnet_dir_operations;
 ent->proc_iops = &proc_vnet_dir_inode_operations;