Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (38 commits) SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0 TOMOYO: Protect find_task_by_vpid() with RCU. Security: add static to security_ops and default_security_ops variable selinux: libsepol: remove dead code in check_avtab_hierarchy_callback() TOMOYO: Remove __func__ from tomoyo_is_correct_path/domain security: fix a couple of sparse warnings TOMOYO: Remove unneeded parameter. TOMOYO: Use shorter names. TOMOYO: Use enum for index numbers. TOMOYO: Add garbage collector. TOMOYO: Add refcounter on domain structure. TOMOYO: Merge headers. TOMOYO: Add refcounter on string data. TOMOYO: Reduce lines by using common path for addition and deletion. selinux: fix memory leak in sel_make_bools TOMOYO: Extract bitfield syslog: clean up needless comment syslog: use defined constants instead of raw numbers syslog: distinguish between /proc/kmsg and syscalls selinux: allow MLS->non-MLS and vice versa upon policy reload ...
commit
832d30ca72
30 changed files with 2037 additions and 1715 deletions
|
|
@ -76,7 +76,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
|
|||
extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
|
||||
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
|
||||
extern int cap_task_setnice(struct task_struct *p, int nice);
|
||||
extern int cap_syslog(int type);
|
||||
extern int cap_syslog(int type, bool from_file);
|
||||
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
|
||||
|
||||
struct msghdr;
|
||||
|
|
@ -95,6 +95,8 @@ struct seq_file;
|
|||
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
|
||||
extern int cap_netlink_recv(struct sk_buff *skb, int cap);
|
||||
|
||||
void reset_security_ops(void);
|
||||
|
||||
#ifdef CONFIG_MMU
|
||||
extern unsigned long mmap_min_addr;
|
||||
extern unsigned long dac_mmap_min_addr;
|
||||
|
|
@ -985,6 +987,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
|||
* Check permissions on incoming network packets. This hook is distinct
|
||||
* from Netfilter's IP input hooks since it is the first time that the
|
||||
* incoming sk_buff @skb has been associated with a particular socket, @sk.
|
||||
* Must not sleep inside this hook because some callers hold spinlocks.
|
||||
* @sk contains the sock (not socket) associated with the incoming sk_buff.
|
||||
* @skb contains the incoming network data.
|
||||
* @socket_getpeersec_stream:
|
||||
|
|
@ -1348,6 +1351,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
|||
* logging to the console.
|
||||
* See the syslog(2) manual page for an explanation of the @type values.
|
||||
* @type contains the type of action.
|
||||
* @from_file indicates the context of action (if it came from /proc).
|
||||
* Return 0 if permission is granted.
|
||||
* @settime:
|
||||
* Check permission to change the system time.
|
||||
|
|
@ -1462,7 +1466,7 @@ struct security_operations {
|
|||
int (*sysctl) (struct ctl_table *table, int op);
|
||||
int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
|
||||
int (*quota_on) (struct dentry *dentry);
|
||||
int (*syslog) (int type);
|
||||
int (*syslog) (int type, bool from_file);
|
||||
int (*settime) (struct timespec *ts, struct timezone *tz);
|
||||
int (*vm_enough_memory) (struct mm_struct *mm, long pages);
|
||||
|
||||
|
|
@ -1761,7 +1765,7 @@ int security_acct(struct file *file);
|
|||
int security_sysctl(struct ctl_table *table, int op);
|
||||
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
|
||||
int security_quota_on(struct dentry *dentry);
|
||||
int security_syslog(int type);
|
||||
int security_syslog(int type, bool from_file);
|
||||
int security_settime(struct timespec *ts, struct timezone *tz);
|
||||
int security_vm_enough_memory(long pages);
|
||||
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
|
||||
|
|
@ -2007,9 +2011,9 @@ static inline int security_quota_on(struct dentry *dentry)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_syslog(int type)
|
||||
static inline int security_syslog(int type, bool from_file)
|
||||
{
|
||||
return cap_syslog(type);
|
||||
return cap_syslog(type, from_file);
|
||||
}
|
||||
|
||||
static inline int security_settime(struct timespec *ts, struct timezone *tz)
|
||||
|
|
|
|||
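--- a/include/linux/syslog.h
+++ b/include/linux/syslog.h
@@ -0,0 +1,52 @@
+/* Syslog internals
+*
+* Copyright 2010 Canonical, Ltd.
+* Author: Kees Cook <kees.cook@canonical.com>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2, or (at your option)
+* any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; see the file COPYING. If not, write to
+* the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _LINUX_SYSLOG_H
+#define _LINUX_SYSLOG_H
+
+/* Close the log. Currently a NOP. */
+#define SYSLOG_ACTION_CLOSE 0
+/* Open the log. Currently a NOP. */
+#define SYSLOG_ACTION_OPEN 1
+/* Read from the log. */
+#define SYSLOG_ACTION_READ 2
+/* Read all messages remaining in the ring buffer. */
+#define SYSLOG_ACTION_READ_ALL 3
+/* Read and clear all messages remaining in the ring buffer */
+#define SYSLOG_ACTION_READ_CLEAR 4
+/* Clear ring buffer. */
+#define SYSLOG_ACTION_CLEAR 5
+/* Disable printk's to console */
+#define SYSLOG_ACTION_CONSOLE_OFF 6
+/* Enable printk's to console */
+#define SYSLOG_ACTION_CONSOLE_ON 7
+/* Set level of messages printed to console */
+#define SYSLOG_ACTION_CONSOLE_LEVEL 8
+/* Return number of unread characters in the log buffer */
+#define SYSLOG_ACTION_SIZE_UNREAD 9
+/* Return size of the log buffer */
+#define SYSLOG_ACTION_SIZE_BUFFER 10
+
+#define SYSLOG_FROM_CALL 0
+#define SYSLOG_FROM_FILE 1
+
+int do_syslog(int type, char __user *buf, int count, bool from_file);
+
+#endif /* _LINUX_SYSLOG_H */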
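Review bot: `SYSLOG_FROM_CALL` and `SYSLOG_FROM_FILE` are the only constants in this new header without a comment, yet a security hook's decision depends on them: the same commit threads `from_file` through `security_syslog()` and `cap_syslog()`. I would add `/* Request came from the syslog(2) system call */` above `SYSLOG_FROM_CALL` and `/* Request came from a /proc/kmsg file operation */` above `SYSLOG_FROM_FILE`, so an LSM author knows which origin each value denotes before deciding which action types to check. A one-line comment on `do_syslog()` saying how `from_file` reaches the security hook would also help; its body is not on this page, so the wording has to be confirmed against kernel/printk.c. Separately, the header uses `bool` and `__user` without including anything, so it depends on every includer pulling in `<linux/types.h>` and `<linux/compiler.h>` first; including them here would make it self-contained.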