Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 5 | ||||
-rw-r--r-- | security/selinux/hooks.c | 21 |
2 files changed, 14 insertions, 12 deletions
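--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -897,9 +897,10 @@ error:
 int cap_syslog(int type, bool from_file)
 {
 /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */
-if (type != 1 && from_file)
+if (type != SYSLOG_ACTION_OPEN && from_file)
 return 0;
-if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+if ((type != SYSLOG_ACTION_READ_ALL &&
+type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
 return -EPERM;
 return 0;
 }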
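Review bot: The comment above the first check in cap_syslog still reads "can open be opened" and does not explain the `from_file` short-circuit, which is the line that lets every /proc/kmsg operation other than the open return 0 without a capability test. Something like `/* /proc/kmsg can only be opened by CAP_SYS_ADMIN; later operations on the already-open file are not re-checked */` would state the policy the code implements. The SYSLOG_ACTION_* definitions are not part of this security/-limited view and this section adds no `#include`, so it is worth confirming that they resolve to the old literals 1, 3 and 10, since a mismatch would change which actions require CAP_SYS_ADMIN.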
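--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2059,20 +2059,21 @@ static int selinux_syslog(int type, bool from_file)
 return rc;
 
 switch (type) {
-case 3: /* Read last kernel messages */
-case 10: /* Return size of the log buffer */
+case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */
+case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
 break;
-case 6: /* Disable logging to console */
-case 7: /* Enable logging to console */
-case 8: /* Set level of messages printed to console */
+case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
+case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */
+/* Set level of messages printed to console */
+case SYSLOG_ACTION_CONSOLE_LEVEL:
 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
 break;
-case 0: /* Close log */
-case 1: /* Open log */
-case 2: /* Read from log */
-case 4: /* Read/clear last kernel messages */
-case 5: /* Clear ring buffer */
+case SYSLOG_ACTION_CLOSE: /* Close log */
+case SYSLOG_ACTION_OPEN: /* Open log */
+case SYSLOG_ACTION_READ: /* Read from log */
+case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */
+case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */
 default:
 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
 break;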
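Review bot: The `default:` label shares the SYSTEM__SYSLOG_MOD branch with the five named labels above it, so any action value not listed in this switch is checked against that permission rather than let through, yet nothing in the hunk says this is deliberate. A short comment on the label, e.g. `default: /* unlisted actions get the SYSLOG_MOD check */`, would keep a later edit from moving an action out of that branch by accident. On style, the comment for SYSLOG_ACTION_CONSOLE_LEVEL now sits on its own line above the label while every other label keeps a trailing comment; putting the label first and the comment on the continuation line would read more consistently. selinux_syslog starts and ends outside this hunk.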