Instead of duplicating CAP_SYS_ADMIN check for every block-cbt ioctl
apart from BLKCBTGET simply factor out the check in the beginning of
blk_cbt_ioctl.
Signed-off-by: Nikolay Borisov <nikolay.bori...@virtuozzo.com>
---
block/blk-cbt.c | 17 +++--------------
1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/block/blk-cbt.c b/block/blk-cbt.c
index e2a9be83ac0d..269709c7589b 100644
--- a/block/blk-cbt.c
+++ b/block/blk-cbt.c
@@ -992,32 +992,21 @@ int blk_cbt_ioctl(struct block_device *bdev, unsigned
cmd, char __user *arg)
{
struct blk_user_cbt_info __user *ucbt_ioc = (struct blk_user_cbt_info
__user *) arg;
+ if (cmd != BLKCBTGET && !capable(CAP_SYS_ADMIN))
+ return -EACCES;
+
switch(cmd) {
case BLKCBTSTART:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
return cbt_ioc_init(bdev, ucbt_ioc);
case BLKCBTSTOP:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
return cbt_ioc_stop(bdev);
case BLKCBTGET:
return cbt_ioc_get(bdev, ucbt_ioc);
case BLKCBTSET:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
return cbt_ioc_set(bdev, ucbt_ioc, 1);
case BLKCBTCLR:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
return cbt_ioc_set(bdev, ucbt_ioc, 0);
case BLKCBTMISC:
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
return cbt_ioc_misc(bdev, arg);
default:
BUG();
--
2.34.1
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
