AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
bfdc0b497f
kernel_optimize_test/kernel
History
Richard Weinberger bfdc0b497f sysctl: restrict write access to dmesg_restrict 
When dmesg_restrict is set to 1 CAP_SYS_ADMIN is needed to read the kernel
ring buffer.  But a root user without CAP_SYS_ADMIN is able to reset
dmesg_restrict to 0.

This is an issue when e.g.  LXC (Linux Containers) are used and complete
user space is running without CAP_SYS_ADMIN.  A unprivileged and jailed
root user can bypass the dmesg_restrict protection.

With this patch writing to dmesg_restrict is only allowed when root has
CAP_SYS_ADMIN.

Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Dan Rosenberg <drosenberg@vsecurity.com>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Cc: Eric Paris <eparis@redhat.com>
Cc: Kees Cook <kees.cook@canonical.com>
Cc: James Morris <jmorris@namei.org>
Cc: Eugene Teo <eugeneteo@kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-03-23 19:46:54 -07:00
..
debug
gcov Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-03-20 18:14:55 -07:00
irq genirq: Fix incorrect unlock in __setup_irq() 2011-03-17 15:52:30 +01:00
power Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-03-20 18:14:55 -07:00
time Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-03-15 18:53:35 -07:00
trace Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-03-18 10:38:34 -07:00
.gitignore
acct.c
async.c
audit_tree.c
audit_watch.c kill path_lookup() 2011-03-14 09:15:23 -04:00
audit.c netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms 2011-03-03 10:55:40 -08:00
audit.h
auditfilter.c netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms 2011-03-03 10:55:40 -08:00
auditsc.c
backtracetest.c
bounds.c memcg: remove direct page_cgroup-to-page pointer 2011-03-23 19:46:28 -07:00
capability.c security: add cred argument to security_capable() 2011-02-11 17:41:58 +11:00
cgroup_freezer.c
cgroup.c cgroups: if you list_empty() a head then don't list_del() it 2011-03-22 17:43:58 -07:00
compat.c
configs.c
cpu.c kernel/cpu.c: fix many errors related to style. 2011-03-22 17:44:11 -07:00
cpuset.c cpuset: hold callback_mutex in cpuset_post_clone() 2011-03-23 19:46:35 -07:00
cred.c Merge commit 'v2.6.38-rc5' into core/locking 2011-02-16 13:33:41 +01:00
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c
extable.c
fork.c sys_unshare: remove the dead CLONE_THREAD/SIGHAND/VM code 2011-03-22 17:44:11 -07:00
freezer.c
futex_compat.c
futex.c Merge branch 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-03-15 18:28:30 -07:00
groups.c
hrtimer.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-03-15 18:53:35 -07:00
hung_task.c
hw_breakpoint.c
irq_work.c
itimer.c
jump_label.c
kallsyms.c printk: use %pK for /proc/kallsyms and /proc/modules 2011-03-22 17:44:12 -07:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kexec.c
kfifo.c
kmod.c
kprobes.c
ksysfs.c
kthread.c kthread: NUMA aware kthread_create_on_node() 2011-03-22 17:44:01 -07:00
latencytop.c
lockdep_internals.h
lockdep_proc.c
lockdep_states.h
lockdep.c
Makefile
module.c printk: use %pK for /proc/kallsyms and /proc/modules 2011-03-22 17:44:12 -07:00
mutex-debug.c
mutex-debug.h
mutex.c
mutex.h
notifier.c
ns_cgroup.c
nsproxy.c
padata.c
panic.c move x86 specific oops=panic to generic code 2011-03-22 17:44:11 -07:00
params.c
perf_event.c perf: Fix tear-down of inherited group events 2011-03-16 14:04:14 +01:00
pid_namespace.c
pid.c export pid symbols needed for kvm_vcpu_on_spin 2011-03-17 13:08:28 -03:00
pm_qos_params.c PM QoS: Make pm_qos settings readable 2011-03-15 00:43:18 +01:00
posix-cpu-timers.c
posix-timers.c timers: Export CLOCK_BOOTTIME via the posix timers interface 2011-02-21 12:53:09 -08:00
printk.c printk: allow setting DEFAULT_MESSAGE_LEVEL via Kconfig 2011-03-22 17:44:13 -07:00
profile.c
ptrace.c Mark ptrace_{traceme,attach,detach} static 2011-03-04 09:23:30 -08:00
range.c
rcupdate.c rcu: add comment saying why DEBUG_OBJECTS_RCU_HEAD depends on PREEMPT. 2011-03-04 08:05:41 -08:00
rcutiny_plugin.h rcu: call __rcu_read_unlock() in exit_rcu for tiny RCU 2011-03-04 08:05:08 -08:00
rcutiny.c
rcutorture.c rcutorture: Get rid of duplicate sched.h include 2011-03-04 08:05:17 -08:00
rcutree_plugin.h
rcutree_trace.c
rcutree.c
rcutree.h
relay.c
res_counter.c memcg: res_counter_read_u64(): fix potential races on 32-bit machines 2011-03-23 19:46:22 -07:00
resource.c
rtmutex_common.h
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c rtmutex: tester: Remove the remaining BKL leftovers 2011-02-22 22:07:22 +01:00
rtmutex.c
rtmutex.h
rwsem.c
sched_autogroup.c sched, autogroup: Stop claiming ownership of the root task group 2011-02-23 11:34:03 +01:00
sched_autogroup.h sched, autogroup: Stop going ahead if autogroup is disabled 2011-02-23 11:33:59 +01:00
sched_clock.c
sched_cpupri.c
sched_cpupri.h
sched_debug.c
sched_fair.c sched: Resched proper CPU on yield_to() 2011-03-04 11:14:31 +01:00
sched_features.h
sched_idletask.c
sched_rt.c Merge branch 'sched/urgent' into sched/core 2011-03-04 11:12:26 +01:00
sched_stats.h
sched_stoptask.c
sched.c Merge branch 'config' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl 2011-03-16 17:21:00 -07:00
seccomp.c
semaphore.c
signal.c Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code 2011-03-21 14:23:43 -07:00
smp.c smp: move smp setup functions to kernel/smp.c 2011-03-22 17:44:11 -07:00
softirq.c kthread: use kthread_create_on_node() 2011-03-22 17:44:01 -07:00
spinlock.c
srcu.c
stacktrace.c
stop_machine.c kthread: use kthread_create_on_node() 2011-03-22 17:44:01 -07:00
sys_ni.c vfs: Add open by file handle support 2011-03-15 02:21:44 -04:00
sys.c PM / Core: Introduce struct syscore_ops for core subsystems PM 2011-03-15 00:43:46 +01:00
sysctl_binary.c open-style analog of vfs_path_lookup() 2011-03-14 09:15:28 -04:00
sysctl_check.c sysctl_check: drop dead code 2011-03-23 19:46:51 -07:00
sysctl.c sysctl: restrict write access to dmesg_restrict 2011-03-23 19:46:54 -07:00
taskstats.c
test_kprobes.c
time.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-03-15 18:53:35 -07:00
timeconst.pl
timer.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-03-15 18:53:35 -07:00
tracepoint.c
tsacct.c
uid16.c
up.c
user_namespace.c
user-return-notifier.c
user.c
utsname_sysctl.c
utsname.c
wait.c
watchdog.c kernel/watchdog.c: always return NOTIFY_OK during cpu up/down events 2011-03-22 17:44:12 -07:00
workqueue_sched.h
workqueue.c kthread: use kthread_create_on_node() 2011-03-22 17:44:01 -07:00