diff options
Diffstat (limited to 'security/commoncap.c')
-rw-r--r-- | security/commoncap.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index f800fdb3de94..677fad9d5cba 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -27,6 +27,7 @@ | |||
27 | #include <linux/sched.h> | 27 | #include <linux/sched.h> |
28 | #include <linux/prctl.h> | 28 | #include <linux/prctl.h> |
29 | #include <linux/securebits.h> | 29 | #include <linux/securebits.h> |
30 | #include <linux/syslog.h> | ||
30 | 31 | ||
31 | /* | 32 | /* |
32 | * If a non-root user executes a setuid-root binary in | 33 | * If a non-root user executes a setuid-root binary in |
@@ -888,12 +889,16 @@ error: | |||
888 | /** | 889 | /** |
889 | * cap_syslog - Determine whether syslog function is permitted | 890 | * cap_syslog - Determine whether syslog function is permitted |
890 | * @type: Function requested | 891 | * @type: Function requested |
892 | * @from_file: Whether this request came from an open file (i.e. /proc) | ||
891 | * | 893 | * |
892 | * Determine whether the current process is permitted to use a particular | 894 | * Determine whether the current process is permitted to use a particular |
893 | * syslog function, returning 0 if permission is granted, -ve if not. | 895 | * syslog function, returning 0 if permission is granted, -ve if not. |
894 | */ | 896 | */ |
895 | int cap_syslog(int type) | 897 | int cap_syslog(int type, bool from_file) |
896 | { | 898 | { |
899 | /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */ | ||
900 | if (type != 1 && from_file) | ||
901 | return 0; | ||
897 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) | 902 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) |
898 | return -EPERM; | 903 | return -EPERM; |
899 | return 0; | 904 | return 0; |