1 files changed, 14 insertions, 1 deletions
diff --git a/kernel/printk.c b/kernel/printk.c
index 38e7d5868d60..9a2264fc42ca 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -274,7 +274,20 @@ int do_syslog(int type, char __user *buf, int len, bool from_file)
        char c;
        int error = 0;
-        error = security_syslog(type, from_file);
+        /*
+         * If this is from /proc/kmsg we only do the capabilities checks
+         * at open time.
+         */
+        if (type == SYSLOG_ACTION_OPEN || !from_file) {
+                if (dmesg_restrict && !capable(CAP_SYS_ADMIN))
+                        return -EPERM;
+                if ((type != SYSLOG_ACTION_READ_ALL &&
+                     type != SYSLOG_ACTION_SIZE_BUFFER) &&
+                    !capable(CAP_SYS_ADMIN))
+                        return -EPERM;
+        }
+        error = security_syslog(type);
        if (error)
                return error;

diff --git a/kernel/printk.c b/kernel/printk.c index 38e7d5868d60..9a2264fc42ca 100644 --- a/kernel/printk.c +++ b/kernel/printk.c
@@ -274,7 +274,20 @@ int do_syslog(int type, char __user *buf, int len, bool from_file)
274	char c;	274	char c;
275	int error = 0;	275	int error = 0;
276		276
277	error = security_syslog(type, from_file);	277	/*
		278	* If this is from /proc/kmsg we only do the capabilities checks
		279	* at open time.
		280	*/
		281	if (type == SYSLOG_ACTION_OPEN \|\| !from_file) {
		282	if (dmesg_restrict && !capable(CAP_SYS_ADMIN))
		283	return -EPERM;
		284	if ((type != SYSLOG_ACTION_READ_ALL &&
		285	type != SYSLOG_ACTION_SIZE_BUFFER) &&
		286	!capable(CAP_SYS_ADMIN))
		287	return -EPERM;
		288	}
		289
		290	error = security_syslog(type);
278	if (error)	291	if (error)
279	return error;	292	return error;
280		293