diff options
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index f800fdb3de94..61669730da98 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -27,6 +27,7 @@ | |||
| 27 | #include <linux/sched.h> | 27 | #include <linux/sched.h> |
| 28 | #include <linux/prctl.h> | 28 | #include <linux/prctl.h> |
| 29 | #include <linux/securebits.h> | 29 | #include <linux/securebits.h> |
| 30 | #include <linux/syslog.h> | ||
| 30 | 31 | ||
| 31 | /* | 32 | /* |
| 32 | * If a non-root user executes a setuid-root binary in | 33 | * If a non-root user executes a setuid-root binary in |
| @@ -888,13 +889,17 @@ error: | |||
| 888 | /** | 889 | /** |
| 889 | * cap_syslog - Determine whether syslog function is permitted | 890 | * cap_syslog - Determine whether syslog function is permitted |
| 890 | * @type: Function requested | 891 | * @type: Function requested |
| 892 | * @from_file: Whether this request came from an open file (i.e. /proc) | ||
| 891 | * | 893 | * |
| 892 | * Determine whether the current process is permitted to use a particular | 894 | * Determine whether the current process is permitted to use a particular |
| 893 | * syslog function, returning 0 if permission is granted, -ve if not. | 895 | * syslog function, returning 0 if permission is granted, -ve if not. |
| 894 | */ | 896 | */ |
| 895 | int cap_syslog(int type) | 897 | int cap_syslog(int type, bool from_file) |
| 896 | { | 898 | { |
| 897 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) | 899 | if (type != SYSLOG_ACTION_OPEN && from_file) |
| 900 | return 0; | ||
| 901 | if ((type != SYSLOG_ACTION_READ_ALL && | ||
| 902 | type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN)) | ||
| 898 | return -EPERM; | 903 | return -EPERM; |
| 899 | return 0; | 904 | return 0; |
| 900 | } | 905 | } |