On Wed, 2013-08-07 at 15:37 +0800, Rui Xiang wrote:
[...]
> --- a/kernel/printk.c
> +++ b/kernel/printk.c
[...]
> @@ -1125,6 +1129,51 @@ static int syslog_print_all(char __user *buf, int size, bool clear,
> return len;
> }
>
> +static int create_syslog_ns(void)
> +{
> + struct user_namespace *userns = current_user_ns();
> + struct syslog_namespace *oldns, *newns;
> + int err;
> +
> + /*
> + * syslog ns belongs to a user ns. So you can only unshare your
> + * user_ns if you share a user_ns with your parent userns
It looks like this should say:
* syslog_ns if you share a syslog_ns with your parent user_ns
> + */
> + if (userns == &init_user_ns ||
> + userns->syslog_ns != userns->parent->syslog_ns)
> + return -EINVAL;
> +
> + if (!ns_capable(userns, CAP_SYSLOG))
> + return -EPERM;
> +
> + err = -ENOMEM;
> + oldns = userns->syslog_ns;
> + newns = kzalloc(sizeof(*newns), GFP_ATOMIC);
This doesn't appear to be an atomic context, so use GFP_KERNEL.
> + if (!newns)
> + goto out;
> + newns->log_buf_len = __LOG_BUF_LEN;
> + newns->log_buf = kzalloc(newns->log_buf_len, GFP_ATOMIC);
[...]
Same here.
Also¸ I'm not sure that __LOG_BUF_LEN is the right length. OpenVZ
certainly uses a small buffer for container syslogs (4K) rather than
using the same length as the global syslog. Maybe it should be
separately configutable.
Ben.
--
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
