authorLinus Torvalds <torvalds@linux-foundation.org>2011-01-10 14:18:59 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2011-01-10 14:18:59 -0500
commite0e736fc0d33861335e2a132e4f688f7fd380c61 (patch)
treed9febe9ca1ef1e24efc5e6e1e34e412316d246bd /kernel
parenta08948812b30653eb2c536ae613b635a989feb6f (diff)
parentaeda4ac3efc29e4d55989abd0a73530453aa69ba (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (30 commits) MAINTAINERS: Add tomoyo-dev-en ML. SELinux: define permissions for DCB netlink messages encrypted-keys: style and other cleanup encrypted-keys: verify datablob size before converting to binary trusted-keys: kzalloc and other cleanup trusted-keys: additional TSS return code and other error handling syslog: check cap_syslog when dmesg_restrict Smack: Transmute labels on specified directories selinux: cache sidtab_context_to_sid results SELinux: do not compute transition labels on mountpoint labeled filesystems This patch adds a new security attribute to Smack called SMACK64EXEC. It defines label that is used while task is running. SELinux: merge policydb_index_classes and policydb_index_others selinux: convert part of the sym_val_to_name array to use flex_array selinux: convert type_val_to_struct to flex_array flex_array: fix flex_array_put_ptr macro to be valid C SELinux: do not set automatic i_ino in selinuxfs selinux: rework security_netlbl_secattr_to_sid SELinux: standardize return code handling in selinuxfs.c SELinux: standardize return code handling in selinuxfs.c SELinux: standardize return code handling in policydb.c ...
Diffstat (limited to 'kernel')
-rw-r--r--kernel/printk.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/kernel/printk.c b/kernel/printk.c
index 4642a5c439eb..f64b8997fc76 100644
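--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -273,12 +273,12 @@ int do_syslog(int type, char __user *buf, int len, bool from_file)
 * at open time.
 */
 if (type == SYSLOG_ACTION_OPEN || !from_file) {
-if (dmesg_restrict && !capable(CAP_SYS_ADMIN))
-return -EPERM;
+if (dmesg_restrict && !capable(CAP_SYSLOG))
+goto warn; /* switch to return -EPERM after 2.6.39 */
 if ((type != SYSLOG_ACTION_READ_ALL &&
 type != SYSLOG_ACTION_SIZE_BUFFER) &&
-!capable(CAP_SYS_ADMIN))
-return -EPERM;
+!capable(CAP_SYSLOG))
+goto warn; /* switch to return -EPERM after 2.6.39 */
 }
 
 error = security_syslog(type);
@@ -422,6 +422,12 @@ int do_syslog(int type, char __user *buf, int len, bool from_file)
 }
 out:
 return error;
+warn:
+/* remove after 2.6.39 */
+if (capable(CAP_SYS_ADMIN))
+WARN_ONCE(1, "Attempt to access syslog with CAP_SYS_ADMIN "
+"but no CAP_SYSLOG (deprecated and denied).\n");
+return -EPERM;
 }
 
 SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len)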
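Review bot: The `warn:` path calls `capable(CAP_SYS_ADMIN)` purely to decide whether to print a diagnostic, and `capable()` is the audited check, so every denied syslog call from an ordinary process is likely to log a second, misleading CAP_SYS_ADMIN denial under an LSM that audits capability use. A non-auditing probe such as `if (has_capability_noaudit(current, CAP_SYS_ADMIN))` would keep the audit trail limited to the CAP_SYSLOG decision. `WARN_ONCE` also emits a backtrace for a condition userspace can trigger and does not name the caller, so an administrator cannot tell which tool needs the new capability; a one-shot printk that includes `current->comm` and the pid would be more useful. The body of do_syslog between the two hunks is not shown, so this assumes nothing else jumps to `warn`.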