diff options
author | Andrew Morton <akpm@osdl.org> | 2003-12-29 23:42:55 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@home.osdl.org> | 2003-12-29 23:42:55 -0800 |
commit | 38181ac4b92c29575c5c5fcce8cf9fcf76785ed1 (patch) | |
tree | 0413e2686c8e31a84914e3a5dad2b730d5170264 /security | |
parent | f1f4662e222e469de9b5bbd77fbaa025236a5746 (diff) | |
download | history-38181ac4b92c29575c5c5fcce8cf9fcf76785ed1.tar.gz |
[PATCH] Reduce SELinux check on KDSKBENT/SENT ioctls
From: Stephen Smalley <sds@epoch.ncsc.mil>
This patch reduces the full capability check in the SELinux module for the
KDSKBENT/SENT ioctls to only check the corresponding SELinux permission,
avoiding a change to the Linux permissions model for these operations.
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e9301f2b0dca77..34bcfcc7aaa980 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1992,8 +1992,7 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd, case KDSKBENT: case KDSKBSENT: - if (!capable(CAP_SYS_TTY_CONFIG)) - error = -EPERM; + error = task_has_capability(current,CAP_SYS_TTY_CONFIG); break; /* default case assumes that the command will go |