Re: [PATCH] kernel/printk/printk.c: check_syslog_permissions() cleanup

From: Vasily Averin
Date: Sun May 24 2015 - 12:11:14 EST

Next message: Timur Tabi: "Re: [PATCH v2 6/7] Watchdog: introduce ARM SBSA watchdog driver"
Previous message: Eddie Huang: "Re: [PATCH v9 0/3] ARM: mediatek: Add driver for Mediatek I2C"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15.05.2015 01:01, Andrew Morton wrote:
> On Sun, 10 May 2015 09:35:53 +0300 Vasily Averin <vvs@xxxxxxxx> wrote:
>> --- a/kernel/printk/printk.c
>> +++ b/kernel/printk/printk.c
>> @@ -484,11 +484,11 @@ int check_syslog_permissions(int type, bool from_file)
>> * already done the capabilities checks at open time.
>> */
>> if (from_file && type != SYSLOG_ACTION_OPEN)
>> - return 0;
>> + goto ok;
>
> This seems wrong - we should only call security_syslog() for opens?

No I think my version is correct.
Currently security hook _is_ called in this situation:
from_file is set in /proc/kmsg handlers only,
they use do_syslog() and call security_syslog() directly
after check_syslog_permissions() call.

My patch forces check_syslog_permissions() to call security hook in all cases,
that allows to remove extra security_syslog() call from do_syslog().

I've changed patch comment and going to resend new patch version soon.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Timur Tabi: "Re: [PATCH v2 6/7] Watchdog: introduce ARM SBSA watchdog driver"
Previous message: Eddie Huang: "Re: [PATCH v9 0/3] ARM: mediatek: Add driver for Mediatek I2C"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]