Make TASKSTATS require root access

commit 1a51410abe7d0ee4b1d112780f46df87d3621043 upstream. Ok, this isn't optimal, since it means that 'iotop' needs admin capabilities, and we may have to work on this some more. But at the same time it is very much not acceptable to let anybody just read anybody elses IO statistics quite at this level. Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative to checking the capabilities by hand. Reported-by: Vasiliy Kulikov <segoon@openwall.com> Cc: Johannes Berg <johannes.berg@intel.com> Acked-by: Balbir Singh <bsingharora@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Moritz Mühlenhoff <jmm@inutil.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Willy Tarreau <w@1wt.eu>
author: Linus Torvalds <torvalds@linux-foundation.org> 2011-09-19 17:04:37 -0700
committer: Willy Tarreau <w@1wt.eu> 2012-02-11 15:38:05 +0100
commit: 52556d4b189c73376320ff502204db73c1ce4455 (patch)
tree: 40465bf7dfa66ffe4994992d112ad990cb3a9698
parent: 75016c6eb34d4e3a840a4b7dc2faf05e7715b105 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/taskstats.c b/kernel/taskstats.c
index bd6be76303c..7fdd65b30da 100644
--- a/kernel/taskstats.c
+++ b/kernel/taskstats.c
@@ -574,6 +574,7 @@ static struct genl_ops taskstats_ops = {
 	.cmd		= TASKSTATS_CMD_GET,
 	.doit		= taskstats_user_cmd,
 	.policy		= taskstats_cmd_get_policy,
+	.flags		= GENL_ADMIN_PERM,
 };
 
 static struct genl_ops cgroupstats_ops = {
author	Linus Torvalds <torvalds@linux-foundation.org>	2011-09-19 17:04:37 -0700
committer	Willy Tarreau <w@1wt.eu>	2012-02-11 15:38:05 +0100
commit	52556d4b189c73376320ff502204db73c1ce4455 (patch)
tree	40465bf7dfa66ffe4994992d112ad990cb3a9698
parent	75016c6eb34d4e3a840a4b7dc2faf05e7715b105 (diff)