Here's yet another revision of the /proc/kmsg permissions patch series. To recap, the point is to allow klogd to drop privileges and continue reading from /proc/kmsg (currently, even if klogd has a legitimately opened fd on /proc/kmsg, it cannot read from it unless it has CAP_SYS_ADMIN asserted). SELinux's pickier and finer-grained privilege rules for /proc/kmsg are unchanged.
There are two significant changes from the previous revision. First, in keeping with the recommended style, I have eliminated the security_syslog_or_fail() macro. Instead there is a static array mapping KLOG_* opcodes to LSM_KLOG_* privilege classes. This requires slightly different coding in the security hooks but I think it's clearer overall. Second, I've incorporated Vincent Legoll's kerneldoc comment for sys_syslog (nee do_syslog) with some wording improvements and expansion to cover the klog_* functions introduced part-way through the patch. I don't think proc/kmsg.c needs kerneldoc, it's very simple after this patch series. I've been through Documentation/CodingStyle and satisfied myself that everything is now in the proper mode. I don't suppose anyone has comments on the *content* of the changes...? zw - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
