1 files changed, 14 insertions, 0 deletions

diff --git a/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch b/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch
new file mode 100644
index 0000000000..6fa56ba134
--- /dev/null
+++ b/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch
@@ -0,0 +1,14 @@
+diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
+index 1e6dc7e..d65d119 100644
+--- a/fs/proc/proc_sysctl.c
++++ b/fs/proc/proc_sysctl.c
+@@ -521,8 +521,6 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+ 	dput(filp->f_path.dentry);
+ 	if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
+ 		goto out;
+-	if (write && !capable(CAP_SYS_ADMIN))
+-		goto out;
+ #endif
+ 
+ 	/* careful: calling conventions are nasty here */
+