• Linus Torvalds's avatar
    cap_syslog: accept CAP_SYS_ADMIN for now · ee24aebf
    Linus Torvalds authored
    In commit ce6ada35 ("security: Define CAP_SYSLOG") Serge Hallyn
    introduced CAP_SYSLOG, but broke backwards compatibility by no longer
    accepting CAP_SYS_ADMIN as an override (it would cause a warning and
    then reject the operation).
    Re-instate CAP_SYS_ADMIN - but keeping the warning - as an acceptable
    capability until any legacy applications have been updated.  There are
    apparently applications out there that drop all capabilities except for
    CAP_SYS_ADMIN in order to access the syslog.
    (This is a re-implementation of a patch by Serge, cleaning the logic up
    and making the code more readable)
    Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
    Reviewed-by: default avatarJames Morris <jmorris@namei.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
printk.c 39.5 KB