| From 1a51410abe7d0ee4b1d112780f46df87d3621043 Mon Sep 17 00:00:00 2001 |
| From: Linus Torvalds <torvalds@linux-foundation.org> |
| Date: Mon, 19 Sep 2011 17:04:37 -0700 |
| Subject: Make TASKSTATS require root access |
| |
| From: Linus Torvalds <torvalds@linux-foundation.org> |
| |
| commit 1a51410abe7d0ee4b1d112780f46df87d3621043 upstream. |
| |
| Ok, this isn't optimal, since it means that 'iotop' needs admin |
| capabilities, and we may have to work on this some more. But at the |
| same time it is very much not acceptable to let anybody just read |
| anybody elses IO statistics quite at this level. |
| |
| Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative |
| to checking the capabilities by hand. |
| |
| Reported-by: Vasiliy Kulikov <segoon@openwall.com> |
| Cc: Johannes Berg <johannes.berg@intel.com> |
| Acked-by: Balbir Singh <bsingharora@gmail.com> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Cc: Moritz Mühlenhoff <jmm@inutil.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| kernel/taskstats.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/kernel/taskstats.c |
| +++ b/kernel/taskstats.c |
| @@ -657,6 +657,7 @@ static struct genl_ops taskstats_ops = { |
| .cmd = TASKSTATS_CMD_GET, |
| .doit = taskstats_user_cmd, |
| .policy = taskstats_cmd_get_policy, |
| + .flags = GENL_ADMIN_PERM, |
| }; |
| |
| static struct genl_ops cgroupstats_ops = { |
