Allow reading tainted flag as user

The commit 34f5a39899f3f3e815da64f48ddb72942d86c366 restricted reading
of the tainted value. The attached patch changes this back to a
write-only check and restores the read behaviour of older versions.

Signed-off-by: Bastian Blank <bastian@waldi.eu.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 1b255df4fcd0a4036c1c34fb6da31a0470742f59..c904748f2290d8c48edca2dd451e1d71f4593b49 100644 (file)
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1676,7 +1676,7 @@ static int proc_dointvec_taint(ctl_table *table, int write, struct file *filp,
 {
        int op;
 
-       if (!capable(CAP_SYS_ADMIN))
+       if (write && !capable(CAP_SYS_ADMIN))
                return -EPERM;
 
        op = OP_OR;