Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c5
-rw-r--r--security/selinux/hooks.c21
2 files changed, 14 insertions, 12 deletions
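diff --git a/security/commoncap.c b/security/commoncap.c
index 677fad9d5cba..cf01b2eebb60 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -897,9 +897,10 @@ error:
 int cap_syslog(int type, bool from_file)
 {
  /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */
- if (type != 1 && from_file)
+ if (type != SYSLOG_ACTION_OPEN && from_file)
  return 0;
- if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+ if ((type != SYSLOG_ACTION_READ_ALL &&
+ type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
  return -EPERM;
  return 0;
 }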
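Review bot: The comment above the first check in cap_syslog still reads "can open be opened", and now that the actions are named neither test states the policy it implements. The second test lets SYSLOG_ACTION_READ_ALL and SYSLOG_ACTION_SIZE_BUFFER through without CAP_SYS_ADMIN, so as far as this hook is concerned any caller may read the whole ring buffer; if that is intended it deserves a line such as `/* reading the buffer and querying its size need no capability */`. The first comment could become `/* /proc/kmsg can only be opened by CAP_SYS_ADMIN; calls on the already-open file are not re-checked */`, which appears to be what the early return does.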
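diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a4862a0730fa..6b36ce2eef2e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2059,20 +2059,21 @@ static int selinux_syslog(int type, bool from_file)
  return rc;
 
  switch (type) {
- case 3: /* Read last kernel messages */
- case 10: /* Return size of the log buffer */
+ case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */
+ case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
  rc = task_has_system(current, SYSTEM__SYSLOG_READ);
  break;
- case 6: /* Disable logging to console */
- case 7: /* Enable logging to console */
- case 8: /* Set level of messages printed to console */
+ case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
+ case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */
+ /* Set level of messages printed to console */
+ case SYSLOG_ACTION_CONSOLE_LEVEL:
  rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
  break;
- case 0: /* Close log */
- case 1: /* Open log */
- case 2: /* Read from log */
- case 4: /* Read/clear last kernel messages */
- case 5: /* Clear ring buffer */
+ case SYSLOG_ACTION_CLOSE: /* Close log */
+ case SYSLOG_ACTION_OPEN: /* Open log */
+ case SYSLOG_ACTION_READ: /* Read from log */
+ case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */
+ case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */
  default:
  rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
  break;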
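Review bot: The five named cases from SYSLOG_ACTION_CLOSE to SYSLOG_ACTION_CLEAR share the `default:` branch, so they serve as documentation only and any action value not listed is also checked against SYSTEM__SYSLOG_MOD. That fallback is easy to disturb when a new action is added to the switch, so a comment on the default such as `/* unlisted actions fall back to SYSLOG_MOD */` would make the intent explicit. As a style point, the comment for SYSLOG_ACTION_CONSOLE_LEVEL now sits on its own line above the label while every other label keeps a trailing comment. selinux_syslog starts before this hunk and continues past it.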