Commit 38181ac4 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] Reduce SELinux check on KDSKBENT/SENT ioctls

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch reduces the full capability check in the SELinux module for the
KDSKBENT/SENT ioctls to only check the corresponding SELinux permission,
avoiding a change to the Linux permissions model for these operations.
parent f1f4662e
...@@ -1992,8 +1992,7 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd, ...@@ -1992,8 +1992,7 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
case KDSKBENT: case KDSKBENT:
case KDSKBSENT: case KDSKBSENT:
if (!capable(CAP_SYS_TTY_CONFIG)) error = task_has_capability(current,CAP_SYS_TTY_CONFIG);
error = -EPERM;
break; break;
/* default case assumes that the command will go /* default case assumes that the command will go
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment