linux/security/smack
Kees Cook 002345925e syslog: distinguish between /proc/kmsg and syscalls
This allows the LSM to distinguish between syslog functions originating
from /proc/kmsg access and direct syscalls.  By default, the commoncaps
will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg
file descriptor.  For example the kernel syslog reader can now drop
privileges after opening /proc/kmsg, instead of staying privileged with
CAP_SYS_ADMIN.  MAC systems that implement security_syslog have unchanged
behavior.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-02-04 14:20:12 +11:00
..
Kconfig Smack: Simplified Mandatory Access Control Kernel 2008-02-05 09:44:20 -08:00
Makefile Smack: Simplified Mandatory Access Control Kernel 2008-02-05 09:44:20 -08:00
smack_access.c security: Make lsm_priv union in lsm_audit.h anonymous 2009-07-10 08:58:39 +10:00
smack_lsm.c syslog: distinguish between /proc/kmsg and syscalls 2010-02-04 14:20:12 +11:00
smack.h security: Make lsm_priv union in lsm_audit.h anonymous 2009-07-10 08:58:39 +10:00
smackfs.c seq_file: constify seq_operations 2009-09-23 07:39:29 -07:00