proc.5: Document /proc/sys/kernel/dmesg_restrict Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

commit: a1da75e7d62807df32d2babfc70cd67ab91fe91d [log] [tgz]
author: Kees Cook <keescook@chromium.org> Fri Jan 11 12:52:03 2013 +0100
committer: Michael Kerrisk <mtk.manpages@gmail.com> Fri Jan 11 12:52:03 2013 +0100
tree: 93e9e51df7469660f1b42327a52ec3a4493dd7d7
parent: 25fc6a84b87d7bf8f30be3e0e60714d0f46382a6 [diff]
diff --git a/man5/proc.5 b/man5/proc.5
index 8046917..7a132e3 100644
--- a/man5/proc.5
+++ b/man5/proc.5

@@ -2560,6 +2560,19 @@
 ever reaches the kernel tty layer, and it's up to the program
 to decide what to do with it.
 .TP
+.IR /proc/sys/kernel/dmesg_restrict " (since Linux 2.6.37)"
+The value in this file determines who can see kernel syslog contents.
+A value of 0 in this file imposes no restrictions.
+If the value is 1, only privileged users can read the kernel syslog.
+(See
+.BR syslog (2)
+for more details.)
+Since Linux 3.4,
+.\" commit 620f6e8e855d6d447688a5f67a4e176944a084e8
+only users with the
+.BR CAP_SYS_ADMIN
+capability may change the value in this file.
+.TP
 .IR /proc/sys/kernel/domainname " and " /proc/sys/kernel/hostname
 can be used to set the NIS/YP domainname and the
 hostname of your box in exactly the same way as the commands
commit	a1da75e7d62807df32d2babfc70cd67ab91fe91d	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Fri Jan 11 12:52:03 2013 +0100
committer	Michael Kerrisk <mtk.manpages@gmail.com>	Fri Jan 11 12:52:03 2013 +0100
tree	93e9e51df7469660f1b42327a52ec3a4493dd7d7
parent	25fc6a84b87d7bf8f30be3e0e60714d0f46382a6 [diff]