Eric Lee / linux-smarc-t335x-v3.2

04 Feb, 2010

2 commits

  • d78ca3cd7   syslog: use defined constants instead of raw numbers ... Browse Code »

    Right now the syslog "type" action are just raw numbers which makes
    the source difficult to follow. This patch replaces the raw numbers
    with defined constants for some level of sanity.

    Signed-off-by: Kees Cook
    Acked-by: John Johansen
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    Kees Cook
     
  • 002345925   syslog: distinguish between /proc/kmsg and syscalls ... Browse Code »

    This allows the LSM to distinguish between syslog functions originating
    from /proc/kmsg access and direct syscalls. By default, the commoncaps
    will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg
    file descriptor. For example the kernel syslog reader can now drop
    privileges after opening /proc/kmsg, instead of staying privileged with
    CAP_SYS_ADMIN. MAC systems that implement security_syslog have unchanged
    behavior.

    Signed-off-by: Kees Cook
    Acked-by: Serge Hallyn
    Acked-by: John Johansen
    Signed-off-by: James Morris

    Kees Cook