aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/sysctl/kernel.txt
diff options
context:
space:
mode:
authorSerge E. Hallyn <serge@hallyn.com>2010-12-08 10:19:01 -0500
committerJames Morris <jmorris@namei.org>2010-12-08 17:48:48 -0500
commit38ef4c2e437d11b5922723504b62824e96761459 (patch)
treeccec1f38348af3c2776fc5bc0b589e14504f4b33 /Documentation/sysctl/kernel.txt
parent5c6d1125f8dbd1bfef39e38fbc2837003be78a59 (diff)
syslog: check cap_syslog when dmesg_restrict
Eric Paris pointed out that it doesn't make sense to require both CAP_SYS_ADMIN and CAP_SYSLOG for certain syslog actions. So require CAP_SYSLOG, not CAP_SYS_ADMIN, when dmesg_restrict is set. (I'm also consolidating the now common error path) Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'Documentation/sysctl/kernel.txt')
-rw-r--r--Documentation/sysctl/kernel.txt2
1 files changed, 1 insertions, 1 deletions
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 209e1584c3dc..574067194f38 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -219,7 +219,7 @@ dmesg_restrict:
219This toggle indicates whether unprivileged users are prevented from using 219This toggle indicates whether unprivileged users are prevented from using
220dmesg(8) to view messages from the kernel's log buffer. When 220dmesg(8) to view messages from the kernel's log buffer. When
221dmesg_restrict is set to (0) there are no restrictions. When 221dmesg_restrict is set to (0) there are no restrictions. When
222dmesg_restrict is set set to (1), users must have CAP_SYS_ADMIN to use 222dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use
223dmesg(8). 223dmesg(8).
224 224
225The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the default 225The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the default