Kees Cook 002345925e syslog: distinguish between /proc/kmsg and syscalls ... This allows the LSM to distinguish between syslog functions originating from /proc/kmsg access and direct syscalls. By default, the commoncaps will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg file descriptor. For example the kernel syslog reader can now drop privileges after opening /proc/kmsg, instead of staying privileged with CAP_SYS_ADMIN. MAC systems that implement security_syslog have unchanged behavior. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>		2010-02-04 14:20:12 +11:00
..
integrity/ima	ima: limit imbalance msg	2009-12-16 12:16:48 -05:00
keys	Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support	2009-12-17 09:27:59 +11:00
selinux	syslog: distinguish between /proc/kmsg and syscalls	2010-02-04 14:20:12 +11:00
smack	syslog: distinguish between /proc/kmsg and syscalls	2010-02-04 14:20:12 +11:00
tomoyo	TOMOYO: Remove usage counter for temporary memory.	2010-01-27 08:20:48 +11:00
Kconfig	remove CONFIG_SECURITY_FILE_CAPABILITIES compile option	2009-11-24 15:06:47 +11:00
Makefile	NOMMU: Optimise away the {dac_,}mmap_min_addr tests	2009-12-17 09:25:19 +11:00
capability.c	security: report the module name to security_module_request	2009-11-10 09:33:46 +11:00
commoncap.c	syslog: distinguish between /proc/kmsg and syscalls	2010-02-04 14:20:12 +11:00
device_cgroup.c	cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time	2009-09-24 07:20:58 -07:00
inode.c	securityfs: securityfs_remove should handle IS_ERR pointers	2009-05-12 11:06:11 +10:00
lsm_audit.c	Merge branch 'master' of /home/davem/src/GIT/linux-2.6/	2009-12-05 15:22:26 -08:00
min_addr.c	security/min_addr.c: make init_mmap_min_addr() static	2009-12-17 09:24:22 +11:00
security.c	syslog: distinguish between /proc/kmsg and syscalls	2010-02-04 14:20:12 +11:00