Merge commit 'v2.6.34-rc1' into for-2.6.35

author: Mark Brown <broonie@opensource.wolfsonmicro.com> 2010-03-10 15:02:37 +0000
committer: Mark Brown <broonie@opensource.wolfsonmicro.com> 2010-03-10 15:02:37 +0000
commit: fad837c16cdd856c68ce2e1335ad0fe836ed8ecd (patch)
tree: 1a6babdc2ac7e5388c482e93505fdfaf5ff97f61 /security/commoncap.c
parent: 51c6ab130642ed975681df843c772dda48a1d2ed (diff)
parent: 57d54889cd00db2752994b389ba714138652e60c (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index f800fdb3de94..61669730da98 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -27,6 +27,7 @@
 #include <linux/sched.h>
 #include <linux/prctl.h>
 #include <linux/securebits.h>
+#include <linux/syslog.h>
 
 /*
  * If a non-root user executes a setuid-root binary in
@@ -888,13 +889,17 @@ error:
 /**
  * cap_syslog - Determine whether syslog function is permitted
  * @type: Function requested
+ * @from_file: Whether this request came from an open file (i.e. /proc)
  *
  * Determine whether the current process is permitted to use a particular
  * syslog function, returning 0 if permission is granted, -ve if not.
  */
-int cap_syslog(int type)
+int cap_syslog(int type, bool from_file)
 {
-	if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+	if (type != SYSLOG_ACTION_OPEN && from_file)
+		return 0;
+	if ((type != SYSLOG_ACTION_READ_ALL &&
+	     type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 	return 0;
 }
author	Mark Brown <broonie@opensource.wolfsonmicro.com>	2010-03-10 15:02:37 +0000
committer	Mark Brown <broonie@opensource.wolfsonmicro.com>	2010-03-10 15:02:37 +0000
commit	fad837c16cdd856c68ce2e1335ad0fe836ed8ecd (patch)
tree	1a6babdc2ac7e5388c482e93505fdfaf5ff97f61 /security/commoncap.c
parent	51c6ab130642ed975681df843c772dda48a1d2ed (diff)
parent	57d54889cd00db2752994b389ba714138652e60c (diff)