Here's a re-revised version of my patch set to allow klogd to drop privileges and continue reading from /proc/kmsg (currently, even if klogd has a legitimately opened fd on /proc/kmsg, it cannot read from it unless it has CAP_SYS_ADMIN asserted). SELinux's pickier and finer-grained privilege rules for /proc/kmsg are unchanged.
The major change from the previous patchset [q.v. http://comments.gmane.org/gmane.linux.kernel/466034 ] is that, as Arjan van de Ven requested, the new header linux/klog.h contains only userspace-visible definitions (the constants for sys_syslog()). Thanks to Alexey Dobriyan for telling me the proper place to put the KLOGSEC_* constants (now renamed LSM_KLOG_* in keeping with other such constants). They have also been rediffed versus yesterday's git. They should be applied in sequence; each step compiles, and the complete set has been booted and tested to work as intended. Any comments, as usual, appreciated. I would very much like to see this in 2.6.20. zw - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
