authorKees Cook <kees.cook@canonical.com>2010-02-03 18:37:13 -0500
committerJames Morris <jmorris@namei.org>2010-02-03 22:20:41 -0500
commitd78ca3cd733d8a2c3dcd88471beb1a15d973eed8 (patch)
treea27ccf86f5f7df3cc987d0203ed0bff2db46db57 /security
parent002345925e6c45861f60db6f4fc6236713fd8847 (diff)
syslog: use defined constants instead of raw numbers
Right now the syslog "type" actions are just raw numbers, which makes the source difficult to follow. This patch replaces the raw numbers with defined constants for some level of sanity. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c5
-rw-r--r--security/selinux/hooks.c21
2 files changed, 14 insertions, 12 deletions
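--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -897,9 +897,10 @@ error:
 int cap_syslog(int type, bool from_file)
 {
  /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */
- if (type != 1 && from_file)
+ if (type != SYSLOG_ACTION_OPEN && from_file)
  return 0;
- if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+ if ((type != SYSLOG_ACTION_READ_ALL &&
+ type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
  return -EPERM;
  return 0;
 }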
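Review bot: The comment above the first check in cap_syslog still reads "can open be opened", and neither it nor the rewritten second check records why the result depends on `from_file`. With the constants in place the logic is readable: every action other than SYSLOG_ACTION_OPEN returns 0 when `from_file` is set, so access through /proc/kmsg is authorised once at open time and not re-checked afterwards, while SYSLOG_ACTION_READ_ALL and SYSLOG_ACTION_SIZE_BUFFER stay available without CAP_SYS_ADMIN when `from_file` is false. I would state that in the comments, e.g. `/* /proc/kmsg can only be opened by CAP_SYS_ADMIN; later actions on the open file are not re-checked */` on the first check and `/* READ_ALL and SIZE_BUFFER are permitted without CAP_SYS_ADMIN */` above the second `if`.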
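--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2059,20 +2059,21 @@ static int selinux_syslog(int type, bool from_file)
  return rc;
 
  switch (type) {
- case 3: /* Read last kernel messages */
- case 10: /* Return size of the log buffer */
+ case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */
+ case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
  rc = task_has_system(current, SYSTEM__SYSLOG_READ);
  break;
- case 6: /* Disable logging to console */
- case 7: /* Enable logging to console */
- case 8: /* Set level of messages printed to console */
+ case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
+ case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */
+ /* Set level of messages printed to console */
+ case SYSLOG_ACTION_CONSOLE_LEVEL:
  rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
  break;
- case 0: /* Close log */
- case 1: /* Open log */
- case 2: /* Read from log */
- case 4: /* Read/clear last kernel messages */
- case 5: /* Clear ring buffer */
+ case SYSLOG_ACTION_CLOSE: /* Close log */
+ case SYSLOG_ACTION_OPEN: /* Open log */
+ case SYSLOG_ACTION_READ: /* Read from log */
+ case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */
+ case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */
  default:
  rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
  break;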
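Review bot: The `default:` label in selinux_syslog shares the SYSTEM__SYSLOG_MOD branch with the five named actions above it, and nothing in the switch records that this fall-through is the intended fail-closed choice. Now that the cases carry names, someone adding a new SYSLOG_ACTION_* value could miss that an unlisted action is checked against SYSTEM__SYSLOG_MOD rather than a read or console permission; a comment on the label such as `default: /* unlisted actions are checked against SYSLOG_MOD */` would make that explicit. The trailing comments on cases like `SYSLOG_ACTION_CLOSE: /* Close log */` now mostly repeat the constant name and could be dropped. The function starts before this hunk and continues past it, so the earlier `rc` check and the final return are not visible here.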