lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 18 Feb 2011 08:55:02 -0600
From:	"Serge E. Hallyn" <serge.hallyn@...onical.com>
To:	Michael Kerrisk <mtk.manpages@...il.com>
Cc:	Kees Cook <kees@...ntu.com>, lkml <linux-kernel@...r.kernel.org>
Subject: [PATCH 1/1] Update manpages with CAP_SYSLOG info

Hi Michael,

Here my attempt at a man-pages update to specify CAP_SYSLOG.

thanks,
-serge

Signed-off-by: Serge Hallyn <serge.hallyn@...onical.com>
---
 man2/syslog.2       |    4 +++-
 man7/capabilities.7 |    9 +++++++++
 2 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/man2/syslog.2 b/man2/syslog.2
index fb018a6..7383e2f 100644
--- a/man2/syslog.2
+++ b/man2/syslog.2
@@ -237,7 +237,9 @@ An attempt was made to change console_loglevel or clear the kernel
 message ring buffer by a process without sufficient privilege
 (more precisely: without the
 .B CAP_SYS_ADMIN
-capability).
+or
+.B CAP_SYSLOG
+(since 2.6.38) capability).
 .TP
 .B ERESTARTSYS
 System call was interrupted by a signal; nothing was read.
diff --git a/man7/capabilities.7 b/man7/capabilities.7
index a751b21..55177dc 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -236,6 +236,9 @@ Perform a range of system administration operations including:
 .BR umount (2),
 .BR swapon (2),
 .BR swapoff (2),
+privileged
+.BR syslog(2)
+operations (see CAP_SYSLOG),
 .BR sethostname (2),
 and
 .BR setdomainname (2);
@@ -421,6 +424,12 @@ set real-time (hardware) clock.
 .B CAP_SYS_TTY_CONFIG
 Use
 .BR vhangup (2).
+.TP
+.B CAP_SYSLOG
+Since 2.6.38, this capability can be substituted for CAP_SYS_ADMIN for
+privileged syslog(2) actions.  When dmesg_restrict is set, that means
+any call to syslog.  Otherwise, it means any action other than reading
+the last kernel messages or getting the size of the log buffer.
 .\"
 .SS Past and Current Implementation
 A full implementation of capabilities requires that:
-- 
1.7.2.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ