diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/printk.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/kernel/printk.c b/kernel/printk.c index 4642a5c439eb..f64b8997fc76 100644 --- a/kernel/printk.c +++ b/kernel/printk.c | |||
| @@ -273,12 +273,12 @@ int do_syslog(int type, char __user *buf, int len, bool from_file) | |||
| 273 | * at open time. | 273 | * at open time. |
| 274 | */ | 274 | */ |
| 275 | if (type == SYSLOG_ACTION_OPEN || !from_file) { | 275 | if (type == SYSLOG_ACTION_OPEN || !from_file) { |
| 276 | if (dmesg_restrict && !capable(CAP_SYS_ADMIN)) | 276 | if (dmesg_restrict && !capable(CAP_SYSLOG)) |
| 277 | return -EPERM; | 277 | goto warn; /* switch to return -EPERM after 2.6.39 */ |
| 278 | if ((type != SYSLOG_ACTION_READ_ALL && | 278 | if ((type != SYSLOG_ACTION_READ_ALL && |
| 279 | type != SYSLOG_ACTION_SIZE_BUFFER) && | 279 | type != SYSLOG_ACTION_SIZE_BUFFER) && |
| 280 | !capable(CAP_SYS_ADMIN)) | 280 | !capable(CAP_SYSLOG)) |
| 281 | return -EPERM; | 281 | goto warn; /* switch to return -EPERM after 2.6.39 */ |
| 282 | } | 282 | } |
| 283 | 283 | ||
| 284 | error = security_syslog(type); | 284 | error = security_syslog(type); |
| @@ -422,6 +422,12 @@ int do_syslog(int type, char __user *buf, int len, bool from_file) | |||
| 422 | } | 422 | } |
| 423 | out: | 423 | out: |
| 424 | return error; | 424 | return error; |
| 425 | warn: | ||
| 426 | /* remove after 2.6.39 */ | ||
| 427 | if (capable(CAP_SYS_ADMIN)) | ||
| 428 | WARN_ONCE(1, "Attempt to access syslog with CAP_SYS_ADMIN " | ||
| 429 | "but no CAP_SYSLOG (deprecated and denied).\n"); | ||
| 430 | return -EPERM; | ||
| 425 | } | 431 | } |
| 426 | 432 | ||
| 427 | SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len) | 433 | SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len) |