X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=security%2Fmin_addr.c;h=e86f297522bfb9ea91de0ad929034bcccd59d57f;hb=404e781249f003a37a140756fc4aeae463dcb217;hp=14cc7b3b8d0379ef0cd17e071aa2821ea6dd4a95;hpb=a2551df7ec568d87793d2eea4ca744e86318f205;p=safe%2Fjmp%2Flinux-2.6

diff --git a/security/min_addr.c b/security/min_addr.c
index 14cc7b3..e86f297 100644
--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -28,19 +28,22 @@ static void update_mmap_min_addr(void)
  * sysctl handler which just sets dac_mmap_min_addr = the new value and then
  * calls update_mmap_min_addr() so non MAP_FIXED hints get rounded properly
  */
-int mmap_min_addr_handler(struct ctl_table *table, int write, struct file *filp,
+int mmap_min_addr_handler(struct ctl_table *table, int write,
 			  void __user *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
 
-	ret = proc_doulongvec_minmax(table, write, filp, buffer, lenp, ppos);
+	if (!capable(CAP_SYS_RAWIO))
+		return -EPERM;
+
+	ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
 
 	update_mmap_min_addr();
 
 	return ret;
 }
 
-int __init init_mmap_min_addr(void)
+static int __init init_mmap_min_addr(void)
 {
 	update_mmap_min_addr();