diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-03-02 17:47:24 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-03-02 17:47:24 -0500 |
| commit | 832d30ca72c0a59058e66e097f5ea11f99640819 (patch) | |
| tree | ab71581c4ad66b2a151298ed13c0eb2506fc8068 /security/commoncap.c | |
| parent | 3a5b27bf6f29574d667230c7e76e4b83fe3014e0 (diff) | |
| parent | b4ccebdd37ff70d349321a198f416ba737a5e833 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (38 commits)
SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0
TOMOYO: Protect find_task_by_vpid() with RCU.
Security: add static to security_ops and default_security_ops variable
selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()
TOMOYO: Remove __func__ from tomoyo_is_correct_path/domain
security: fix a couple of sparse warnings
TOMOYO: Remove unneeded parameter.
TOMOYO: Use shorter names.
TOMOYO: Use enum for index numbers.
TOMOYO: Add garbage collector.
TOMOYO: Add refcounter on domain structure.
TOMOYO: Merge headers.
TOMOYO: Add refcounter on string data.
TOMOYO: Reduce lines by using common path for addition and deletion.
selinux: fix memory leak in sel_make_bools
TOMOYO: Extract bitfield
syslog: clean up needless comment
syslog: use defined constants instead of raw numbers
syslog: distinguish between /proc/kmsg and syscalls
selinux: allow MLS->non-MLS and vice versa upon policy reload
...
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index f800fdb3de94..61669730da98 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -27,6 +27,7 @@ | |||
| 27 | #include <linux/sched.h> | 27 | #include <linux/sched.h> |
| 28 | #include <linux/prctl.h> | 28 | #include <linux/prctl.h> |
| 29 | #include <linux/securebits.h> | 29 | #include <linux/securebits.h> |
| 30 | #include <linux/syslog.h> | ||
| 30 | 31 | ||
| 31 | /* | 32 | /* |
| 32 | * If a non-root user executes a setuid-root binary in | 33 | * If a non-root user executes a setuid-root binary in |
| @@ -888,13 +889,17 @@ error: | |||
| 888 | /** | 889 | /** |
| 889 | * cap_syslog - Determine whether syslog function is permitted | 890 | * cap_syslog - Determine whether syslog function is permitted |
| 890 | * @type: Function requested | 891 | * @type: Function requested |
| 892 | * @from_file: Whether this request came from an open file (i.e. /proc) | ||
| 891 | * | 893 | * |
| 892 | * Determine whether the current process is permitted to use a particular | 894 | * Determine whether the current process is permitted to use a particular |
| 893 | * syslog function, returning 0 if permission is granted, -ve if not. | 895 | * syslog function, returning 0 if permission is granted, -ve if not. |
| 894 | */ | 896 | */ |
| 895 | int cap_syslog(int type) | 897 | int cap_syslog(int type, bool from_file) |
| 896 | { | 898 | { |
| 897 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) | 899 | if (type != SYSLOG_ACTION_OPEN && from_file) |
| 900 | return 0; | ||
| 901 | if ((type != SYSLOG_ACTION_READ_ALL && | ||
| 902 | type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN)) | ||
| 898 | return -EPERM; | 903 | return -EPERM; |
| 899 | return 0; | 904 | return 0; |
| 900 | } | 905 | } |