Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge tag 'pstore-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull pstore update from Kees Cook:
"Make pstore permissions more versatile by removing CAP_SYSLOG
requirement and defining more restrictive root directory DAC
permissions default (0750, which can be adjust after boot unlike the
CAP_SYSLOG check).
Suggested by Nick Kralevich"
* tag 'pstore-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps"
pstore: Make default pstorefs root dir perms 0750
+1
-23
fs/pstore/inode.c
+1
-23
fs/pstore/inode.c
···
36
#include <linux/slab.h>
37
#include <linux/spinlock.h>
38
#include <linux/uaccess.h>
39
-
#include <linux/syslog.h>
40
41
#include "internal.h"
42
···
131
.show = pstore_ftrace_seq_show,
132
};
133
134
-
static int pstore_check_syslog_permissions(struct pstore_private *ps)
135
-
{
136
-
switch (ps->record->type) {
137
-
case PSTORE_TYPE_DMESG:
138
-
case PSTORE_TYPE_CONSOLE:
139
-
return check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
140
-
SYSLOG_FROM_READER);
141
-
default:
142
-
return 0;
143
-
}
144
-
}
145
-
146
static ssize_t pstore_file_read(struct file *file, char __user *userbuf,
147
size_t count, loff_t *ppos)
148
{
···
149
struct seq_file *sf;
150
int err;
151
const struct seq_operations *sops = NULL;
152
-
153
-
err = pstore_check_syslog_permissions(ps);
154
-
if (err)
155
-
return err;
156
157
if (ps->record->type == PSTORE_TYPE_FTRACE)
158
sops = &pstore_ftrace_seq_ops;
···
187
{
188
struct pstore_private *p = d_inode(dentry)->i_private;
189
struct pstore_record *record = p->record;
190
-
int err;
191
-
192
-
err = pstore_check_syslog_permissions(p);
193
-
if (err)
194
-
return err;
195
196
if (!record->psi->erase)
197
return -EPERM;
···
449
450
inode = pstore_get_inode(sb);
451
if (inode) {
452
-
inode->i_mode = S_IFDIR | 0755;
453
inode->i_op = &pstore_dir_inode_operations;
454
inode->i_fop = &simple_dir_operations;
455
inc_nlink(inode);
···
36
#include <linux/slab.h>
37
#include <linux/spinlock.h>
38
#include <linux/uaccess.h>
39
40
#include "internal.h"
41
···
132
.show = pstore_ftrace_seq_show,
133
};
134
135
static ssize_t pstore_file_read(struct file *file, char __user *userbuf,
136
size_t count, loff_t *ppos)
137
{
···
162
struct seq_file *sf;
163
int err;
164
const struct seq_operations *sops = NULL;
165
166
if (ps->record->type == PSTORE_TYPE_FTRACE)
167
sops = &pstore_ftrace_seq_ops;
···
204
{
205
struct pstore_private *p = d_inode(dentry)->i_private;
206
struct pstore_record *record = p->record;
207
208
if (!record->psi->erase)
209
return -EPERM;
···
471
472
inode = pstore_get_inode(sb);
473
if (inode) {
474
+
inode->i_mode = S_IFDIR | 0750;
475
inode->i_op = &pstore_dir_inode_operations;
476
inode->i_fop = &simple_dir_operations;
477
inc_nlink(inode);
-9
include/linux/syslog.h
-9
include/linux/syslog.h
···
49
50
int do_syslog(int type, char __user *buf, int count, int source);
51
52
-
#ifdef CONFIG_PRINTK
53
-
int check_syslog_permissions(int type, int source);
54
-
#else
55
-
static inline int check_syslog_permissions(int type, int source)
56
-
{
57
-
return 0;
58
-
}
59
-
#endif
60
-
61
#endif /* _LINUX_SYSLOG_H */
+1
-2
kernel/printk/printk.c
+1
-2
kernel/printk/printk.c
···
649
type != SYSLOG_ACTION_SIZE_BUFFER;
650
}
651
652
-
int check_syslog_permissions(int type, int source)
653
{
654
/*
655
* If this is from /proc/kmsg and we've already opened it, then we've
···
677
ok:
678
return security_syslog(type);
679
}
680
-
EXPORT_SYMBOL_GPL(check_syslog_permissions);
681
682
static void append_char(char **pp, char *e, char c)
683
{
···
649
type != SYSLOG_ACTION_SIZE_BUFFER;
650
}
651
652
+
static int check_syslog_permissions(int type, int source)
653
{
654
/*
655
* If this is from /proc/kmsg and we've already opened it, then we've
···
677
ok:
678
return security_syslog(type);
679
}
680
681
static void append_char(char **pp, char *e, char c)
682
{