From: Zack Weinberg <zackw@panix.com>
To: Stephen Smalley <sds@tycho.nsa.gov>,
jmorris@namei.org, Chris Wright <chrisw@sous-sol.org>,
Vincent Legoll <vlegoll@9online.fr>
Cc: linux-kernel@vger.kernel.org
Subject: [patch 0/4] /proc/kmsg permissions, take four
Date: Sun, 24 Dec 2006 12:22:07 -0800 [thread overview]
Message-ID: <20061224202207.150596681@panix.com> (raw)
Here's yet another revision of the /proc/kmsg permissions patch
series. To recap, the point is to allow klogd to drop privileges
and continue reading from /proc/kmsg (currently, even if klogd has a
legitimately opened fd on /proc/kmsg, it cannot read from it unless
it has CAP_SYS_ADMIN asserted). SELinux's pickier and finer-grained
privilege rules for /proc/kmsg are unchanged.
There are two significant changes from the previous revision. First,
in keeping with the recommended style, I have eliminated the
security_syslog_or_fail() macro. Instead there is a static array mapping
KLOG_* opcodes to LSM_KLOG_* privilege classes. This requires slightly
different coding in the security hooks but I think it's clearer overall.
Second, I've incorporated Vincent Legoll's kerneldoc comment for sys_syslog
(nee do_syslog) with some wording improvements and expansion to cover the
klog_* functions introduced part-way through the patch. I don't think
proc/kmsg.c needs kerneldoc, it's very simple after this patch series.
I've been through Documentation/CodingStyle and satisfied myself that
everything is now in the proper mode. I don't suppose anyone has comments
on the *content* of the changes...?
zw
next reply other threads:[~2006-12-24 20:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-24 20:22 Zack Weinberg [this message]
2006-12-24 20:22 ` [patch 1/4] Add <linux/klog.h> Zack Weinberg
2006-12-24 21:00 ` Jan Engelhardt
2006-12-27 23:25 ` Vincent Legoll
2006-12-24 20:22 ` [patch 2/4] permission mapping for sys_syslog operations Zack Weinberg
2006-12-24 20:22 ` [patch 3/4] Refactor do_syslog interface Zack Weinberg
2006-12-24 20:22 ` [patch 4/4] Distinguish /proc/kmsg access from sys_syslog Zack Weinberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061224202207.150596681@panix.com \
--to=zackw@panix.com \
--cc=chrisw@sous-sol.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=vlegoll@9online.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox