summaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2013-05-24 13:39:29 (GMT)
committerEric Paris <eparis@redhat.com>2013-11-05 16:08:01 (GMT)
commit83fa6bbe4c4541ae748b550b4ec391f8a0acfe94 (patch)
treeda0b4c3432448ac961c5372a94ad38512660314f /kernel
parentda0a610497ce193782c8df4a33fee7fce030cb99 (diff)
downloadlinux-fsl-qoriq-83fa6bbe4c4541ae748b550b4ec391f8a0acfe94.tar.xz
audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE
After trying to use this feature in Fedora we found the hard coding policy like this into the kernel was a bad idea. Surprise surprise. We ran into these problems because it was impossible to launch a container as a logged in user and run a login daemon inside that container. This reverts back to the old behavior before this option was added. The option will be re-added in a userspace selectable manor such that userspace can choose when it is and when it is not appropriate. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7268467..b55788b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1968,15 +1968,13 @@ static atomic_t session_id = ATOMIC_INIT(0);
static int audit_set_loginuid_perm(kuid_t loginuid)
{
-#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
/* if we are unset, we don't need privs */
if (!audit_loginuid_set(current))
return 0;
-#else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
- if (capable(CAP_AUDIT_CONTROL))
- return 0;
-#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
- return -EPERM;
+ /* it is set, you need permission */
+ if (!capable(CAP_AUDIT_CONTROL))
+ return -EPERM;
+ return 0;
}
static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,