| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jul 2013 10:31:16 +0800
From: Rui Xiang <rui.xiang@...wei.com>
To: <containers@...ts.linux-foundation.org>,
<linux-kernel@...r.kernel.org>
CC: <serge.hallyn@...ntu.com>, <ebiederm@...ssion.com>,
<akpm@...ux-foundation.org>, <gaofeng@...fujitsu.com>,
<libo.chen@...wei.com>, Rui Xiang <rui.xiang@...wei.com>
Subject: [PATCH 5/9] syslog_ns: make permisiion check per user namespace
Use ns_capable to check capability in user ns,
instead of capable function. The user ns is the
owner of current syslog ns.
Signed-off-by: Rui Xiang <rui.xiang@...wei.com>
---
kernel/printk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/printk.c b/kernel/printk.c
index 846fef5..c5c65a8 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -380,13 +380,13 @@ static int check_syslog_permissions(int type, bool from_file,
return 0;
if (syslog_action_restricted(type, ns)) {
- if (capable(CAP_SYSLOG))
+ if (ns_capable(ns->owner, CAP_SYSLOG))
return 0;
/*
* For historical reasons, accept CAP_SYS_ADMIN too, with
* a warning.
*/
- if (capable(CAP_SYS_ADMIN)) {
+ if (ns_capable(ns->owner, CAP_SYS_ADMIN)) {
pr_warn_once("%s (%d): Attempt to access syslog with "
"CAP_SYS_ADMIN but no CAP_SYSLOG "
"(deprecated).\n",
--
1.8.2.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists