diff options
| author | Kees Cook <kees.cook@canonical.com> | 2010-02-03 18:37:13 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-02-03 22:20:41 -0500 |
| commit | d78ca3cd733d8a2c3dcd88471beb1a15d973eed8 (patch) | |
| tree | a27ccf86f5f7df3cc987d0203ed0bff2db46db57 /security | |
| parent | 002345925e6c45861f60db6f4fc6236713fd8847 (diff) | |
syslog: use defined constants instead of raw numbers
Right now the syslog "type" action are just raw numbers which makes
the source difficult to follow. This patch replaces the raw numbers
with defined constants for some level of sanity.
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 5 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 21 |
2 files changed, 14 insertions, 12 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 677fad9d5cba..cf01b2eebb60 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -897,9 +897,10 @@ error: | |||
| 897 | int cap_syslog(int type, bool from_file) | 897 | int cap_syslog(int type, bool from_file) |
| 898 | { | 898 | { |
| 899 | /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */ | 899 | /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */ |
| 900 | if (type != 1 && from_file) | 900 | if (type != SYSLOG_ACTION_OPEN && from_file) |
| 901 | return 0; | 901 | return 0; |
| 902 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) | 902 | if ((type != SYSLOG_ACTION_READ_ALL && |
| 903 | type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN)) | ||
| 903 | return -EPERM; | 904 | return -EPERM; |
| 904 | return 0; | 905 | return 0; |
| 905 | } | 906 | } |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a4862a0730fa..6b36ce2eef2e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2059,20 +2059,21 @@ static int selinux_syslog(int type, bool from_file) | |||
| 2059 | return rc; | 2059 | return rc; |
| 2060 | 2060 | ||
| 2061 | switch (type) { | 2061 | switch (type) { |
| 2062 | case 3: /* Read last kernel messages */ | 2062 | case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */ |
| 2063 | case 10: /* Return size of the log buffer */ | 2063 | case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */ |
| 2064 | rc = task_has_system(current, SYSTEM__SYSLOG_READ); | 2064 | rc = task_has_system(current, SYSTEM__SYSLOG_READ); |
| 2065 | break; | 2065 | break; |
| 2066 | case 6: /* Disable logging to console */ | 2066 | case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */ |
| 2067 | case 7: /* Enable logging to console */ | 2067 | case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */ |
| 2068 | case 8: /* Set level of messages printed to console */ | 2068 | /* Set level of messages printed to console */ |
| 2069 | case SYSLOG_ACTION_CONSOLE_LEVEL: | ||
| 2069 | rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE); | 2070 | rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE); |
| 2070 | break; | 2071 | break; |
| 2071 | case 0: /* Close log */ | 2072 | case SYSLOG_ACTION_CLOSE: /* Close log */ |
| 2072 | case 1: /* Open log */ | 2073 | case SYSLOG_ACTION_OPEN: /* Open log */ |
| 2073 | case 2: /* Read from log */ | 2074 | case SYSLOG_ACTION_READ: /* Read from log */ |
| 2074 | case 4: /* Read/clear last kernel messages */ | 2075 | case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */ |
| 2075 | case 5: /* Clear ring buffer */ | 2076 | case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */ |
| 2076 | default: | 2077 | default: |
| 2077 | rc = task_has_system(current, SYSTEM__SYSLOG_MOD); | 2078 | rc = task_has_system(current, SYSTEM__SYSLOG_MOD); |
| 2078 | break; | 2079 | break; |