Skip to content
Commit 2b8fc837 authored by Andy Whitcroft's avatar Andy Whitcroft Committed by Stefan Bader
Browse files

syslog: distinguish between /proc/kmsg and syscalls 

commit 00234592

 upstream
BugLink: http://bugs.launchpad.net/bugs/515623

This allows the LSM to distinguish between syslog functions originating
from /proc/kmsg access and direct syscalls.  By default, the commoncaps
will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg
file descriptor.  For example the kernel syslog reader can now drop
privileges after opening /proc/kmsg, instead of staying privileged with
CAP_SYS_ADMIN.  MAC systems that implement security_syslog have unchanged
behavior.

[apw@canonical.com: backport to 2.6.31]
Signed-off-by: default avatarKees Cook <kees.cook@canonical.com>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
parent 5156af0a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment