Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 5 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 21 |
2 files changed, 14 insertions, 12 deletions
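--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -897,9 +897,10 @@ error:
 int cap_syslog(int type, bool from_file)
 {
 /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */
-if (type != 1 && from_file)
+if (type != SYSLOG_ACTION_OPEN && from_file)
 return 0;
-if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+if ((type != SYSLOG_ACTION_READ_ALL &&
+type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
 return -EPERM;
 return 0;
 }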
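Review bot: The comment above the first check in cap_syslog still reads "can open be opened" and does not say what the check does. When from_file is set and the action is anything other than SYSLOG_ACTION_OPEN, the function returns 0 before capable() is consulted, so the privilege decision for /proc/kmsg is made once at open time and later calls through the open file are not re-checked. I would reword it to `/* /proc/kmsg can only be opened by CAP_SYS_ADMIN; later calls through the open file are not re-checked */`. The definition of the SYSLOG_ACTION_* names is not visible here (the diffstat is limited to security/), so it is worth confirming that this file includes the header that declares them.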
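--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2059,20 +2059,21 @@ static int selinux_syslog(int type, bool from_file)
 return rc;
 
 switch (type) {
-case 3: /* Read last kernel messages */
-case 10: /* Return size of the log buffer */
+case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */
+case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
 break;
-case 6: /* Disable logging to console */
-case 7: /* Enable logging to console */
-case 8: /* Set level of messages printed to console */
+case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
+case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */
+/* Set level of messages printed to console */
+case SYSLOG_ACTION_CONSOLE_LEVEL:
 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
 break;
-case 0: /* Close log */
-case 1: /* Open log */
-case 2: /* Read from log */
-case 4: /* Read/clear last kernel messages */
-case 5: /* Clear ring buffer */
+case SYSLOG_ACTION_CLOSE: /* Close log */
+case SYSLOG_ACTION_OPEN: /* Open log */
+case SYSLOG_ACTION_READ: /* Read from log */
+case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */
+case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */
 default:
 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
 break;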
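Review bot: The action that used to be numbered 9 has no label in this switch either before or after the change (the old labels ran 0–8 and 10), so it reaches `default:` and is checked against SYSTEM__SYSLOG_MOD. Sending unlisted actions to the same permission as the clearing actions fails closed, but now that every other action is named the gap reads like an omission. I would either add the missing label to whichever group is intended or put a comment on the default arm, e.g. `default: /* any action not listed above requires SYSLOG_MOD */`. selinux_syslog starts and ends outside this hunk, so the earlier `return rc` path and the end of the switch are not visible here.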
