]> bbs.cooldavid.org Git - net-next-2.6.git/blobdiff - security/commoncap.c
git://bbs.cooldavid.org / net-next-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Restrict unprivileged access to kernel syslog
[net-next-2.6.git] / security / commoncap.c
diff --git a/security/commoncap.c b/security/commoncap.c
index 5e632b4857e443d8031eaa17c0e2bd7e877b3d14..04b80f9912bfc3357f1c4b51dd8877ca345df3cc 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -895,6 +895,8 @@ int cap_syslog(int type, bool from_file)
 {
        if (type != SYSLOG_ACTION_OPEN && from_file)
                return 0;
+       if (dmesg_restrict && !capable(CAP_SYS_ADMIN))
+               return -EPERM;
        if ((type != SYSLOG_ACTION_READ_ALL &&
             type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
                return -EPERM;
Clone of davem's net-next-2.6 tree