syslog: distinguish between /proc/kmsg and syscalls
This allows the LSM to distinguish between syslog functions originating from /proc/kmsg access and direct syscalls. By default, the commoncaps will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg file descriptor. For example the kernel syslog reader can now drop privileges after opening /proc/kmsg, instead of staying privileged with CAP_SYS_ADMIN. MAC systems that implement security_syslog have unchanged behavior. Signed-off-by:Kees Cook <kees.cook@canonical.com> Acked-by:
Serge Hallyn <serue@us.ibm.com> Acked-by:
John Johansen <john.johansen@canonical.com> Signed-off-by:
James Morris <jmorris@namei.org>
Showing
- fs/proc/kmsg.c 7 additions, 7 deletionsfs/proc/kmsg.c
- include/linux/security.h 6 additions, 5 deletionsinclude/linux/security.h
- include/linux/syslog.h 29 additions, 0 deletionsinclude/linux/syslog.h
- kernel/printk.c 4 additions, 3 deletionskernel/printk.c
- security/commoncap.c 6 additions, 1 deletionsecurity/commoncap.c
- security/security.c 2 additions, 2 deletionssecurity/security.c
- security/selinux/hooks.c 3 additions, 2 deletionssecurity/selinux/hooks.c
- security/smack/smack_lsm.c 2 additions, 2 deletionssecurity/smack/smack_lsm.c
Loading
Please register or sign in to comment