Fix up the lockdown sysrq patch

Signed-off-by: Jeremy Cline <jcline@redhat.com>
This commit is contained in:
Jeremy Cline 2019-10-02 16:37:22 -04:00
parent e163d28535
commit ac89b4ad91
1 changed files with 11 additions and 7 deletions

View File

@ -1898,16 +1898,20 @@ index 573b2055173c..7cc95a8bdf8d 100644
op_p = __sysrq_get_key_op(key); op_p = __sysrq_get_key_op(key);
if (op_p) { if (op_p) {
- /*
- * Should we check for enabled operations (/proc/sysrq-trigger
- * should not) and is the invoked operation enabled?
- */
- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
+ /* Ban synthetic events from some sysrq functionality */ + /* Ban synthetic events from some sysrq functionality */
+ if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) && + if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) &&
+ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) + op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) {
+ printk("This sysrq operation is disabled from userspace.\n"); + printk("This sysrq operation is disabled from userspace.\n");
/* + } else if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
* Should we check for enabled operations (/proc/sysrq-trigger + /*
* should not) and is the invoked operation enabled? + * Should we check for enabled operations (/proc/sysrq-trigger
*/ + * should not) and is the invoked operation enabled?
- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { + */
+ if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
pr_info("%s\n", op_p->action_msg); pr_info("%s\n", op_p->action_msg);
console_loglevel = orig_log_level; console_loglevel = orig_log_level;
op_p->handler(key); op_p->handler(key);