]> git.hungrycats.org Git - linux/commitdiff
projects / linux / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f1f4662)
[PATCH] Reduce SELinux check on KDSKBENT/SENT ioctls
authorAndrew Morton <akpm@osdl.org>
Tue, 30 Dec 2003 07:42:55 +0000 (23:42 -0800)
committerLinus Torvalds <torvalds@home.osdl.org>
Tue, 30 Dec 2003 07:42:55 +0000 (23:42 -0800)
From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch reduces the full capability check in the SELinux module for the
KDSKBENT/SENT ioctls to only check the corresponding SELinux permission,
avoiding a change to the Linux permissions model for these operations.

security/selinux/hooks.c patch | blob | history

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e9301f2b0dca77b58fe7a6ac21e6bf40c68f896d..34bcfcc7aaa980662fff02cfab21a764a5cce0fe 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1992,8 +1992,7 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
 
                case KDSKBENT:
                case KDSKBSENT:
-                       if (!capable(CAP_SYS_TTY_CONFIG))
-                               error = -EPERM;
+                       error = task_has_capability(current,CAP_SYS_TTY_CONFIG);
                        break;
 
                /* default case assumes that the command will go
Linux kernels and configurations used by Zygo.