Merge branch 'next' into for-linus

author: James Morris <jmorris@namei.org> 2010-03-01 09:36:31 +1100
committer: James Morris <jmorris@namei.org> 2010-03-01 09:36:31 +1100
commit: b4ccebdd37ff70d349321a198f416ba737a5e833 (patch)
tree: 275d717070346722c3aacd8355fb4f743216e03b /security/commoncap.c
parent: 30ff056c42c665b9ea535d8515890857ae382540 (diff)
parent: ef57471a73b67a7b65fd8708fd55c77cb7c619af (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index f800fdb3de9..61669730da9 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -27,6 +27,7 @@
 #include <linux/sched.h>
 #include <linux/prctl.h>
 #include <linux/securebits.h>
+#include <linux/syslog.h>
 
 /*
  * If a non-root user executes a setuid-root binary in
@@ -888,13 +889,17 @@ error:
 /**
  * cap_syslog - Determine whether syslog function is permitted
  * @type: Function requested
+ * @from_file: Whether this request came from an open file (i.e. /proc)
  *
  * Determine whether the current process is permitted to use a particular
  * syslog function, returning 0 if permission is granted, -ve if not.
  */
-int cap_syslog(int type)
+int cap_syslog(int type, bool from_file)
 {
-	if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+	if (type != SYSLOG_ACTION_OPEN && from_file)
+		return 0;
+	if ((type != SYSLOG_ACTION_READ_ALL &&
+	     type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 	return 0;
 }
author	James Morris <jmorris@namei.org>	2010-03-01 09:36:31 +1100
committer	James Morris <jmorris@namei.org>	2010-03-01 09:36:31 +1100
commit	b4ccebdd37ff70d349321a198f416ba737a5e833 (patch)
tree	275d717070346722c3aacd8355fb4f743216e03b /security/commoncap.c
parent	30ff056c42c665b9ea535d8515890857ae382540 (diff)
parent	ef57471a73b67a7b65fd8708fd55c77cb7c619af (diff)