diff options
| author | Matthew Garrett <matthewgarrett@google.com> | 2019-08-19 20:18:05 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2019-08-20 00:54:17 -0400 |
| commit | b602614a81078bf29c82b2671bb96a63488f68d6 (patch) | |
| tree | eb83d8f6461eeff1bd51eda39267ab0f523bd5f8 /fs/proc/kcore.c | |
| parent | 1957a85b0032a81e6482ca4aab883643b8dae06e (diff) | |
lockdown: Print current->comm in restriction messages
Print the content of current->comm in messages generated by lockdown to
indicate a restriction that was hit. This makes it a bit easier to find
out what caused the message.
The message now patterned something like:
Lockdown: <comm>: <what> is restricted; see man kernel_lockdown.7
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/proc/kcore.c')
| -rw-r--r-- | fs/proc/kcore.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index ee2c576cc94e..e2ed8e08cc7a 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c | |||
| @@ -548,11 +548,12 @@ static int open_kcore(struct inode *inode, struct file *filp) | |||
| 548 | { | 548 | { |
| 549 | int ret = security_locked_down(LOCKDOWN_KCORE); | 549 | int ret = security_locked_down(LOCKDOWN_KCORE); |
| 550 | 550 | ||
| 551 | if (ret) | ||
| 552 | return ret; | ||
| 553 | if (!capable(CAP_SYS_RAWIO)) | 551 | if (!capable(CAP_SYS_RAWIO)) |
| 554 | return -EPERM; | 552 | return -EPERM; |
| 555 | 553 | ||
| 554 | if (ret) | ||
| 555 | return ret; | ||
| 556 | |||
| 556 | filp->private_data = kmalloc(PAGE_SIZE, GFP_KERNEL); | 557 | filp->private_data = kmalloc(PAGE_SIZE, GFP_KERNEL); |
| 557 | if (!filp->private_data) | 558 | if (!filp->private_data) |
| 558 | return -ENOMEM; | 559 | return -ENOMEM; |