From: Kees Cook <kees.cook@canonical.com>
Date: Wed, 3 Feb 2010 23:36:43 +0000 (-0800)
Subject: syslog: distinguish between /proc/kmsg and syscalls
X-Git-Tag: v2.6.34-rc1~228^2^2~18
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=002345925e6c45861f60db6f4fc6236713fd8847;p=pandora-kernel.git

syslog: distinguish between /proc/kmsg and syscalls

This allows the LSM to distinguish between syslog functions originating
from /proc/kmsg access and direct syscalls.  By default, the commoncaps
will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg
file descriptor.  For example the kernel syslog reader can now drop
privileges after opening /proc/kmsg, instead of staying privileged with
CAP_SYS_ADMIN.  MAC systems that implement security_syslog have unchanged
behavior.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
---

Reading git-diff-tree failed