linux-hardened/security
Kees Cook 002345925e syslog: distinguish between /proc/kmsg and syscalls
This allows the LSM to distinguish between syslog functions originating
from /proc/kmsg access and direct syscalls.  By default, the commoncaps
will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg
file descriptor.  For example the kernel syslog reader can now drop
privileges after opening /proc/kmsg, instead of staying privileged with
CAP_SYS_ADMIN.  MAC systems that implement security_syslog have unchanged
behavior.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-02-04 14:20:12 +11:00
..
integrity/ima ima: limit imbalance msg 2009-12-16 12:16:48 -05:00
keys Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support 2009-12-17 09:27:59 +11:00
selinux syslog: distinguish between /proc/kmsg and syscalls 2010-02-04 14:20:12 +11:00
smack syslog: distinguish between /proc/kmsg and syscalls 2010-02-04 14:20:12 +11:00
tomoyo TOMOYO: Remove usage counter for temporary memory. 2010-01-27 08:20:48 +11:00
capability.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00
commoncap.c syslog: distinguish between /proc/kmsg and syscalls 2010-02-04 14:20:12 +11:00
device_cgroup.c cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time 2009-09-24 07:20:58 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
Kconfig remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
lsm_audit.c Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-12-05 15:22:26 -08:00
Makefile NOMMU: Optimise away the {dac_,}mmap_min_addr tests 2009-12-17 09:25:19 +11:00
min_addr.c security/min_addr.c: make init_mmap_min_addr() static 2009-12-17 09:24:22 +11:00
security.c syslog: distinguish between /proc/kmsg and syscalls 2010-02-04 14:20:12 +11:00