diff options
| author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-25 12:24:53 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-25 12:24:53 -0500 |
| commit | 1b9a3917366028cc451a98dd22e3bcd537d4e5c1 (patch) | |
| tree | d911058720e0a9aeeaf9f407ccdc6fbf4047f47d /ipc | |
| parent | 3661f00e2097676847deb01add1a0918044bd816 (diff) | |
| parent | 71e1c784b24a026a490b3de01541fc5ee14ebc09 (diff) | |
Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)
[PATCH] fix audit_init failure path
[PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format
[PATCH] sem2mutex: audit_netlink_sem
[PATCH] simplify audit_free() locking
[PATCH] Fix audit operators
[PATCH] promiscuous mode
[PATCH] Add tty to syscall audit records
[PATCH] add/remove rule update
[PATCH] audit string fields interface + consumer
[PATCH] SE Linux audit events
[PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c
[PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL
[PATCH] Fix IA64 success/failure indication in syscall auditing.
[PATCH] Miscellaneous bug and warning fixes
[PATCH] Capture selinux subject/object context information.
[PATCH] Exclude messages by message type
[PATCH] Collect more inode information during syscall processing.
[PATCH] Pass dentry, not just name, in fsnotify creation hooks.
[PATCH] Define new range of userspace messages.
[PATCH] Filter rule comparators
...
Fixed trivial conflict in security/selinux/hooks.c
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/msg.c | 5 | ||||
| -rw-r--r-- | ipc/sem.c | 5 | ||||
| -rw-r--r-- | ipc/shm.c | 4 |
3 files changed, 7 insertions, 7 deletions
| @@ -428,8 +428,6 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) | |||
| 428 | return -EFAULT; | 428 | return -EFAULT; |
| 429 | if (copy_msqid_from_user (&setbuf, buf, version)) | 429 | if (copy_msqid_from_user (&setbuf, buf, version)) |
| 430 | return -EFAULT; | 430 | return -EFAULT; |
| 431 | if ((err = audit_ipc_perms(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode))) | ||
| 432 | return err; | ||
| 433 | break; | 431 | break; |
| 434 | case IPC_RMID: | 432 | case IPC_RMID: |
| 435 | break; | 433 | break; |
| @@ -460,6 +458,9 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) | |||
| 460 | switch (cmd) { | 458 | switch (cmd) { |
| 461 | case IPC_SET: | 459 | case IPC_SET: |
| 462 | { | 460 | { |
| 461 | if ((err = audit_ipc_perms(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode, ipcp))) | ||
| 462 | goto out_unlock_up; | ||
| 463 | |||
| 463 | err = -EPERM; | 464 | err = -EPERM; |
| 464 | if (setbuf.qbytes > msg_ctlmnb && !capable(CAP_SYS_RESOURCE)) | 465 | if (setbuf.qbytes > msg_ctlmnb && !capable(CAP_SYS_RESOURCE)) |
| 465 | goto out_unlock_up; | 466 | goto out_unlock_up; |
| @@ -809,8 +809,6 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun | |||
| 809 | if(cmd == IPC_SET) { | 809 | if(cmd == IPC_SET) { |
| 810 | if(copy_semid_from_user (&setbuf, arg.buf, version)) | 810 | if(copy_semid_from_user (&setbuf, arg.buf, version)) |
| 811 | return -EFAULT; | 811 | return -EFAULT; |
| 812 | if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode))) | ||
| 813 | return err; | ||
| 814 | } | 812 | } |
| 815 | sma = sem_lock(semid); | 813 | sma = sem_lock(semid); |
| 816 | if(sma==NULL) | 814 | if(sma==NULL) |
| @@ -821,7 +819,6 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun | |||
| 821 | goto out_unlock; | 819 | goto out_unlock; |
| 822 | } | 820 | } |
| 823 | ipcp = &sma->sem_perm; | 821 | ipcp = &sma->sem_perm; |
| 824 | |||
| 825 | if (current->euid != ipcp->cuid && | 822 | if (current->euid != ipcp->cuid && |
| 826 | current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) { | 823 | current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) { |
| 827 | err=-EPERM; | 824 | err=-EPERM; |
| @@ -838,6 +835,8 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun | |||
| 838 | err = 0; | 835 | err = 0; |
| 839 | break; | 836 | break; |
| 840 | case IPC_SET: | 837 | case IPC_SET: |
| 838 | if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, ipcp))) | ||
| 839 | goto out_unlock; | ||
| 841 | ipcp->uid = setbuf.uid; | 840 | ipcp->uid = setbuf.uid; |
| 842 | ipcp->gid = setbuf.gid; | 841 | ipcp->gid = setbuf.gid; |
| 843 | ipcp->mode = (ipcp->mode & ~S_IRWXUGO) | 842 | ipcp->mode = (ipcp->mode & ~S_IRWXUGO) |
| @@ -620,13 +620,13 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
| 620 | err = -EFAULT; | 620 | err = -EFAULT; |
| 621 | goto out; | 621 | goto out; |
| 622 | } | 622 | } |
| 623 | if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode))) | ||
| 624 | return err; | ||
| 625 | down(&shm_ids.sem); | 623 | down(&shm_ids.sem); |
| 626 | shp = shm_lock(shmid); | 624 | shp = shm_lock(shmid); |
| 627 | err=-EINVAL; | 625 | err=-EINVAL; |
| 628 | if(shp==NULL) | 626 | if(shp==NULL) |
| 629 | goto out_up; | 627 | goto out_up; |
| 628 | if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, &(shp->shm_perm)))) | ||
| 629 | goto out_unlock_up; | ||
| 630 | err = shm_checkid(shp,shmid); | 630 | err = shm_checkid(shp,shmid); |
| 631 | if(err) | 631 | if(err) |
| 632 | goto out_unlock_up; | 632 | goto out_unlock_up; |