| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1375861035-24320-6-git-send-email-rui.xiang@huawei.com>
Date: Wed, 7 Aug 2013 15:37:09 +0800
From: Rui Xiang <rui.xiang@...wei.com>
To: <containers@...ts.linux-foundation.org>,
<linux-kernel@...r.kernel.org>
CC: <netdev@...r.kernel.org>, <netfilter-devel@...r.kernel.org>,
<serge.hallyn@...ntu.com>, <ebiederm@...ssion.com>,
<akpm@...ux-foundation.org>, <gaofeng@...fujitsu.com>,
<guz.fnst@...fujitsu.com>, <libo.chen@...wei.com>,
Rui Xiang <rui.xiang@...wei.com>
Subject: [PATCH v3 05/11] syslog_ns: make permisiion check per user namespace
Use ns_capable to check capability in user ns,
instead of capable function. The user ns is the
owner of current syslog ns.
Signed-off-by: Rui Xiang <rui.xiang@...wei.com>
---
kernel/printk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/printk.c b/kernel/printk.c
index e508ab2..ca951e7 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -374,13 +374,13 @@ static int check_syslog_permissions(int type, bool from_file,
return 0;
if (syslog_action_restricted(type, ns)) {
- if (capable(CAP_SYSLOG))
+ if (ns_capable(ns->owner, CAP_SYSLOG))
return 0;
/*
* For historical reasons, accept CAP_SYS_ADMIN too, with
* a warning.
*/
- if (capable(CAP_SYS_ADMIN)) {
+ if (ns_capable(ns->owner, CAP_SYS_ADMIN)) {
pr_warn_once("%s (%d): Attempt to access syslog with "
"CAP_SYS_ADMIN but no CAP_SYSLOG "
"(deprecated).\n",
--
1.8.2.2
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists