From: Olaf Dabrunz Add the necessary hooks so that a SELinux-enabled kernel will allow the new "report the size of the printk buffer" query to work. --- 25-akpm/security/commoncap.c | 2 +- 25-akpm/security/dummy.c | 2 +- 25-akpm/security/selinux/hooks.c | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff -puN security/commoncap.c~report-size-of-printk-buffer-selinux-interface security/commoncap.c --- 25/security/commoncap.c~report-size-of-printk-buffer-selinux-interface 2004-05-05 22:01:32.035089456 -0700 +++ 25-akpm/security/commoncap.c 2004-05-05 22:01:32.061085504 -0700 @@ -289,7 +289,7 @@ void cap_task_reparent_to_init (struct t int cap_syslog (int type) { - if ((type != 3) && !capable(CAP_SYS_ADMIN)) + if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) return -EPERM; return 0; } diff -puN security/dummy.c~report-size-of-printk-buffer-selinux-interface security/dummy.c --- 25/security/dummy.c~report-size-of-printk-buffer-selinux-interface 2004-05-05 22:01:32.036089304 -0700 +++ 25-akpm/security/dummy.c 2004-05-05 22:01:32.062085352 -0700 @@ -99,7 +99,7 @@ static int dummy_quota_on (struct file * static int dummy_syslog (int type) { - if ((type != 3) && current->euid) + if ((type != 3 && type != 10) && current->euid) return -EPERM; return 0; } diff -puN security/selinux/hooks.c~report-size-of-printk-buffer-selinux-interface security/selinux/hooks.c --- 25/security/selinux/hooks.c~report-size-of-printk-buffer-selinux-interface 2004-05-05 22:01:32.050087176 -0700 +++ 25-akpm/security/selinux/hooks.c 2004-05-05 22:01:32.060085656 -0700 @@ -1476,6 +1476,7 @@ static int selinux_syslog(int type) switch (type) { case 3: /* Read last kernel messages */ + case 10: /* Return size of the log buffer */ rc = task_has_system(current, SYSTEM__SYSLOG_READ); break; case 6: /* Disable logging to console */ _