mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-05 03:44:03 +08:00
efi/esrt: Allow ESRT access without CAP_SYS_ADMIN
Access to the files in /sys/firmware/efi/esrt has been restricted to CAP_SYS_ADMIN since support for ESRT was added, but this seems overly restrictive given that the files are read-only and just provide information about UEFI firmware updates. Remove the CAP_SYS_ADMIN restriction so that a non-root process can read the files, provided a suitably-privileged process changes the file ownership first. The files are still read-only and still owned by root by default. Signed-off-by: Nicholas Bishop <nicholasbishop@google.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This commit is contained in:
parent
d86ff3333c
commit
d0a1865cf7
@ -95,10 +95,6 @@ static ssize_t esre_attr_show(struct kobject *kobj,
|
||||
struct esre_entry *entry = to_entry(kobj);
|
||||
struct esre_attribute *attr = to_attr(_attr);
|
||||
|
||||
/* Don't tell normal users what firmware versions we've got... */
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EACCES;
|
||||
|
||||
return attr->show(entry, buf);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user