diff options
author | Kees Cook <kees.cook@canonical.com> | 2010-02-03 18:36:43 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-02-03 22:20:12 -0500 |
commit | 002345925e6c45861f60db6f4fc6236713fd8847 (patch) | |
tree | d7849eafe1755116597166bbebf43e2bee86cb76 /fs | |
parent | 0719aaf5ead7555b7b7a4a080ebf2826a871384e (diff) |
syslog: distinguish between /proc/kmsg and syscalls
This allows the LSM to distinguish between syslog functions originating
from /proc/kmsg access and direct syscalls. By default, the commoncaps
will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg
file descriptor. For example the kernel syslog reader can now drop
privileges after opening /proc/kmsg, instead of staying privileged with
CAP_SYS_ADMIN. MAC systems that implement security_syslog have unchanged
behavior.
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/proc/kmsg.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/fs/proc/kmsg.c b/fs/proc/kmsg.c index 7ca78346d3f0..6a3d843a1088 100644 --- a/fs/proc/kmsg.c +++ b/fs/proc/kmsg.c | |||
@@ -12,37 +12,37 @@ | |||
12 | #include <linux/poll.h> | 12 | #include <linux/poll.h> |
13 | #include <linux/proc_fs.h> | 13 | #include <linux/proc_fs.h> |
14 | #include <linux/fs.h> | 14 | #include <linux/fs.h> |
15 | #include <linux/syslog.h> | ||
15 | 16 | ||
16 | #include <asm/uaccess.h> | 17 | #include <asm/uaccess.h> |
17 | #include <asm/io.h> | 18 | #include <asm/io.h> |
18 | 19 | ||
19 | extern wait_queue_head_t log_wait; | 20 | extern wait_queue_head_t log_wait; |
20 | 21 | ||
21 | extern int do_syslog(int type, char __user *bug, int count); | ||
22 | |||
23 | static int kmsg_open(struct inode * inode, struct file * file) | 22 | static int kmsg_open(struct inode * inode, struct file * file) |
24 | { | 23 | { |
25 | return do_syslog(1,NULL,0); | 24 | return do_syslog(1, NULL, 0, SYSLOG_FROM_FILE); |
26 | } | 25 | } |
27 | 26 | ||
28 | static int kmsg_release(struct inode * inode, struct file * file) | 27 | static int kmsg_release(struct inode * inode, struct file * file) |
29 | { | 28 | { |
30 | (void) do_syslog(0,NULL,0); | 29 | (void) do_syslog(0, NULL, 0, SYSLOG_FROM_FILE); |
31 | return 0; | 30 | return 0; |
32 | } | 31 | } |
33 | 32 | ||
34 | static ssize_t kmsg_read(struct file *file, char __user *buf, | 33 | static ssize_t kmsg_read(struct file *file, char __user *buf, |
35 | size_t count, loff_t *ppos) | 34 | size_t count, loff_t *ppos) |
36 | { | 35 | { |
37 | if ((file->f_flags & O_NONBLOCK) && !do_syslog(9, NULL, 0)) | 36 | if ((file->f_flags & O_NONBLOCK) && |
37 | !do_syslog(9, NULL, 0, SYSLOG_FROM_FILE)) | ||
38 | return -EAGAIN; | 38 | return -EAGAIN; |
39 | return do_syslog(2, buf, count); | 39 | return do_syslog(2, buf, count, SYSLOG_FROM_FILE); |
40 | } | 40 | } |
41 | 41 | ||
42 | static unsigned int kmsg_poll(struct file *file, poll_table *wait) | 42 | static unsigned int kmsg_poll(struct file *file, poll_table *wait) |
43 | { | 43 | { |
44 | poll_wait(file, &log_wait, wait); | 44 | poll_wait(file, &log_wait, wait); |
45 | if (do_syslog(9, NULL, 0)) | 45 | if (do_syslog(9, NULL, 0, SYSLOG_FROM_FILE)) |
46 | return POLLIN | POLLRDNORM; | 46 | return POLLIN | POLLRDNORM; |
47 | return 0; | 47 | return 0; |
48 | } | 48 | } |