syslog: check cap_syslog when dmesg_restrict

Eric Paris pointed out that it doesn't make sense to require both CAP_SYS_ADMIN and CAP_SYSLOG for certain syslog actions. So require CAP_SYSLOG, not CAP_SYS_ADMIN, when dmesg_restrict is set. (I'm also consolidating the now common error path) Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Serge E. Hallyn <serge@hallyn.com> 2010-12-08 10:19:01 -0500
committer: James Morris <jmorris@namei.org> 2010-12-08 17:48:48 -0500
commit: 38ef4c2e437d11b5922723504b62824e96761459 (patch)
tree: ccec1f38348af3c2776fc5bc0b589e14504f4b33 /Documentation/sysctl
parent: 5c6d1125f8dbd1bfef39e38fbc2837003be78a59 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 209e1584c3dc..574067194f38 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -219,7 +219,7 @@ dmesg_restrict:
 This toggle indicates whether unprivileged users are prevented from using
 dmesg(8) to view messages from the kernel's log buffer.  When
 dmesg_restrict is set to (0) there are no restrictions.  When
-dmesg_restrict is set set to (1), users must have CAP_SYS_ADMIN to use
+dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use
 dmesg(8).
 The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the default
author	Serge E. Hallyn <serge@hallyn.com>	2010-12-08 10:19:01 -0500
committer	James Morris <jmorris@namei.org>	2010-12-08 17:48:48 -0500
commit	38ef4c2e437d11b5922723504b62824e96761459 (patch)
tree	ccec1f38348af3c2776fc5bc0b589e14504f4b33 /Documentation/sysctl
parent	5c6d1125f8dbd1bfef39e38fbc2837003be78a59 (diff)

diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt index 209e1584c3dc..574067194f38 100644 --- a/Documentation/sysctl/kernel.txt +++ b/Documentation/sysctl/kernel.txt
@@ -219,7 +219,7 @@ dmesg_restrict:
219	This toggle indicates whether unprivileged users are prevented from using	219	This toggle indicates whether unprivileged users are prevented from using
220	dmesg(8) to view messages from the kernel's log buffer. When	220	dmesg(8) to view messages from the kernel's log buffer. When
221	dmesg_restrict is set to (0) there are no restrictions. When	221	dmesg_restrict is set to (0) there are no restrictions. When
222	dmesg_restrict is set set to (1), users must have CAP_SYS_ADMIN to use	222	dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use
223	dmesg(8).	223	dmesg(8).
224		224
225	The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the default	225	The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the default