diff options
Diffstat (limited to 'kernel/printk.c')
| -rw-r--r-- | kernel/printk.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/kernel/printk.c b/kernel/printk.c index b2ebaee8c377..9a2264fc42ca 100644 --- a/kernel/printk.c +++ b/kernel/printk.c | |||
| @@ -261,6 +261,12 @@ static inline void boot_delay_msec(void) | |||
| 261 | } | 261 | } |
| 262 | #endif | 262 | #endif |
| 263 | 263 | ||
| 264 | #ifdef CONFIG_SECURITY_DMESG_RESTRICT | ||
| 265 | int dmesg_restrict = 1; | ||
| 266 | #else | ||
| 267 | int dmesg_restrict; | ||
| 268 | #endif | ||
| 269 | |||
| 264 | int do_syslog(int type, char __user *buf, int len, bool from_file) | 270 | int do_syslog(int type, char __user *buf, int len, bool from_file) |
| 265 | { | 271 | { |
| 266 | unsigned i, j, limit, count; | 272 | unsigned i, j, limit, count; |
| @@ -268,7 +274,20 @@ int do_syslog(int type, char __user *buf, int len, bool from_file) | |||
| 268 | char c; | 274 | char c; |
| 269 | int error = 0; | 275 | int error = 0; |
| 270 | 276 | ||
| 271 | error = security_syslog(type, from_file); | 277 | /* |
| 278 | * If this is from /proc/kmsg we only do the capabilities checks | ||
| 279 | * at open time. | ||
| 280 | */ | ||
| 281 | if (type == SYSLOG_ACTION_OPEN || !from_file) { | ||
| 282 | if (dmesg_restrict && !capable(CAP_SYS_ADMIN)) | ||
| 283 | return -EPERM; | ||
| 284 | if ((type != SYSLOG_ACTION_READ_ALL && | ||
| 285 | type != SYSLOG_ACTION_SIZE_BUFFER) && | ||
| 286 | !capable(CAP_SYS_ADMIN)) | ||
| 287 | return -EPERM; | ||
| 288 | } | ||
| 289 | |||
| 290 | error = security_syslog(type); | ||
| 272 | if (error) | 291 | if (error) |
| 273 | return error; | 292 | return error; |
| 274 | 293 | ||