diff options
| author | Richard Weinberger <[email protected]> | 2011-03-23 16:43:11 -0700 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2011-03-23 19:46:54 -0700 |
| commit | bfdc0b497faa82a0ba2f9dddcf109231dd519fcc (patch) | |
| tree | 932897262447dacb7158b81209748a295d93e20b /tools/perf/scripts/python/sched-migration.py | |
| parent | cb16e95fa2996743a6e80a665ed2ed0590bd38cf (diff) | |
sysctl: restrict write access to dmesg_restrict
When dmesg_restrict is set to 1 CAP_SYS_ADMIN is needed to read the kernel
ring buffer. But a root user without CAP_SYS_ADMIN is able to reset
dmesg_restrict to 0.
This is an issue when e.g. LXC (Linux Containers) are used and complete
user space is running without CAP_SYS_ADMIN. A unprivileged and jailed
root user can bypass the dmesg_restrict protection.
With this patch writing to dmesg_restrict is only allowed when root has
CAP_SYS_ADMIN.
Signed-off-by: Richard Weinberger <[email protected]>
Acked-by: Dan Rosenberg <[email protected]>
Acked-by: Serge E. Hallyn <[email protected]>
Cc: Eric Paris <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: James Morris <[email protected]>
Cc: Eugene Teo <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/sched-migration.py')
0 files changed, 0 insertions, 0 deletions