| author | David Woodhouse <David.Woodhouse@intel.com> | 2010-04-09 15:17:41 +0100 | 
|---|---|---|
| committer | David Woodhouse <David.Woodhouse@intel.com> | 2010-04-09 15:21:12 +0100 | 
| commit | 87d8a69709d971913e6cc7210450fcb8be963667 (patch) | |
| tree | 4f8eb95c588f7df84554dcf97d67540664333a7b /security/selinux/hooks.c | |
| parent | 0b8973a81876d90f916507ac40d1381068dc986a (diff) | |
| parent | 2eaa9cfdf33b8d7fb7aff27792192e0019ae8fc6 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 43 | 
1 files changed, 17 insertions, 26 deletions
| diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7a374c2eb04..5feecb41009 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -76,6 +76,7 @@
 #include <linux/selinux.h>
 #include <linux/mutex.h>
 #include <linux/posix-timers.h>
+#include <linux/syslog.h>
 #include "avc.h"
 #include "objsec.h"
@@ -125,13 +126,6 @@ __setup("selinux=", selinux_enabled_setup);
 int selinux_enabled = 1;
 #endif
-
-/*
- * Minimal support for a secondary security module,
- * just to allow the use of the capability module.
- */
-static struct security_operations *secondary_ops;
-
 /* Lists of inode and superblock security structures initialized
    before the policy was loaded. */
 static LIST_HEAD(superblock_security_head);
@@ -2049,29 +2043,30 @@ static int selinux_quota_on(struct dentry *dentry)
 	return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
 }
-static int selinux_syslog(int type)
+static int selinux_syslog(int type, bool from_file)
 {
 	int rc;
-	rc = cap_syslog(type);
+	rc = cap_syslog(type, from_file);
 	if (rc)
 		return rc;
 	switch (type) {
-	case 3:		/* Read last kernel messages */
-	case 10:	/* Return size of the log buffer */
+	case SYSLOG_ACTION_READ_ALL:	/* Read last kernel messages */
+	case SYSLOG_ACTION_SIZE_BUFFER:	/* Return size of the log buffer */
 		rc = task_has_system(current, SYSTEM__SYSLOG_READ);
 		break;
-	case 6:		/* Disable logging to console */
-	case 7:		/* Enable logging to console */
-	case 8:		/* Set level of messages printed to console */
+	case SYSLOG_ACTION_CONSOLE_OFF:	/* Disable logging to console */
+	case SYSLOG_ACTION_CONSOLE_ON:	/* Enable logging to console */
+	/* Set level of messages printed to console */
+	case SYSLOG_ACTION_CONSOLE_LEVEL:
 		rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
 		break;
-	case 0:		/* Close log */
-	case 1:		/* Open log */
-	case 2:		/* Read from log */
-	case 4:		/* Read/clear last kernel messages */
-	case 5:		/* Clear ring buffer */
+	case SYSLOG_ACTION_CLOSE:	/* Close log */
+	case SYSLOG_ACTION_OPEN:	/* Open log */
+	case SYSLOG_ACTION_READ:	/* Read from log */
+	case SYSLOG_ACTION_READ_CLEAR:	/* Read/clear last kernel messages */
+	case SYSLOG_ACTION_CLEAR:	/* Clear ring buffer */
 	default:
 		rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
 		break;
@@ -2365,7 +2360,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
 			initrlim = init_task.signal->rlim + i;
 			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
 		}
-		update_rlimit_cpu(rlim->rlim_cur);
+		update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);
 	}
 }
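Review bot: `from_file` is forwarded to `cap_syslog()` in `selinux_syslog()` but never consulted by the `switch` that follows, and nothing in the hunk says whether that is deliberate. `cap_syslog()` is not shown here; if the intent is that the SELinux `SYSTEM__SYSLOG_*` check applies to every call regardless of how the log was opened, a comment above the switch would record it, e.g. `/* from_file only affects the capability check; SELinux still mediates every action */`. Unrecognised action values fall through `default:` to `SYSTEM__SYSLOG_MOD`, which is worth keeping as the fail-closed case when new `SYSLOG_ACTION_*` values are added. As a style point, the `SYSLOG_ACTION_CONSOLE_LEVEL` comment now sits above its label while every other label carries a trailing comment.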
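Review bot: The new argument to `update_rlimit_cpu()` in `selinux_bprm_committing_creds()` reads `current->signal->rlim[RLIMIT_CPU]` rather than the loop cursor `rlim`, but nothing marks why, so a later cleanup could fold it back. A one-line comment above the call such as `/* rlim is the loop cursor here, not the RLIMIT_CPU entry */` would pin that. The loop and any locking around it start outside the hunk, so whether this read needs the same protection as the loop's writes cannot be confirmed from here.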
@@ -3334,7 +3329,7 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
 	if (ret == 0)
 		tsec->create_sid = isec->sid;
-	return 0;
+	return ret;
 }
 static int selinux_kernel_module_request(char *kmod_name)
@@ -5672,9 +5667,6 @@ static __init int selinux_init(void)
 					    0, SLAB_PANIC, NULL);
 	avc_init();
-	secondary_ops = security_ops;
-	if (!secondary_ops)
-		panic("SELinux: No initial security operations\n");
 	if (register_security(&selinux_ops))
 		panic("SELinux: Unable to register with kernel.\n");
@@ -5835,8 +5827,7 @@ int selinux_disable(void)
 	selinux_disabled = 1;
 	selinux_enabled = 0;
-	/* Reset security_ops to the secondary module, dummy or capability. */
-	security_ops = secondary_ops;
+	reset_security_ops();
 	/* Try to destroy the avc node cache */
 	avc_disable(); |
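Review bot: The `reset_security_ops()` call in `selinux_disable()` replaces an assignment whose comment said which operations were restored, and the new line carries no comment at all. The helper is defined outside this file, so a short note such as `/* Fall back to the default security operations before tearing down the AVC */` (presumably what the helper does; confirm against its definition) would tell a reader what policy is in force once SELinux is disabled. The flags are cleared before the ops pointer is swapped; whether a hook already running on another CPU can still reach SELinux code after `avc_disable()` depends on code outside the hunk, and the ordering assumption deserves a comment as well.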
