.\" 2008-02-15, Michael Kerrisk <mtk.manpages@gmail.com>
.\" Update LOG_BUF_LEN details; update RETURN VALUE section.
.\"
-.TH SYSLOG 2 2008-06-20 "Linux" "Linux Programmer's Manual"
+.TH SYSLOG 2 2011-09-07 "Linux" "Linux Programmer's Manual"
.SH NAME
syslog, klogctl \- read and/or clear kernel message ring buffer;
set console_loglevel
.BR syslog (3).
The system call of this name is about controlling the kernel
.IR printk ()
-buffer, and the glibc version is called
+buffer, and the glibc wrapper function is called
.BR klogctl ().
-The \fItype\fP argument determines the action taken by this function.
+The \fItype\fP argument determines the action taken by this function,
+as follows:
-Quoting from
-.IR kernel/printk.c :
.nf
-/*
- * Commands to sys_syslog:
- *
- * 0 \-\- Close the log. Currently a NOP.
- * 1 \-\- Open the log. Currently a NOP.
- * 2 \-\- Read from the log.
- * 3 \-\- Read all messages remaining in the ring buffer.
- * 4 \-\- Read and clear all messages remaining in the ring buffer
- * 5 \-\- Clear ring buffer.
- * 6 \-\- Disable printk to console
- * 7 \-\- Enable printk to console
- * 8 \-\- Set level of messages printed to console
- * 9 \-\- Return number of unread characters in the log buffer
- * 10 \-\- Return size of the log buffer
- */
+ 0 \-\- Close the log. Currently a NOP.
+ 1 \-\- Open the log. Currently a NOP.
+ 2 \-\- Read from the log.
+ 3 \-\- Read all messages remaining in the ring buffer.
+ 4 \-\- Read and clear all messages remaining in the ring buffer
+ 5 \-\- Clear ring buffer.
+ 6 \-\- Disable printk to console
+ 7 \-\- Enable printk to console
+ 8 \-\- Set level of messages printed to console
+ 9 \-\- Return number of unread characters in the log buffer
+ 10 \-\- Return size of the log buffer
.fi
-Only command types 3 and 10 are allowed to unprivileged processes.
-Type 9 was added in 2.4.10; type 10 in 2.6.6.
+Type 9 was added in Linux 2.4.10; type 10 in Linux 2.6.6.
+
+In Linux kernels before 2.6.37,
+only command types 3 and 10 are allowed to unprivileged processes.
+Since Linux 2.6.37,
+command types 3 and 10 are only allowed to unprivileged processes if
+.IR /proc/sys/kernel/dmesg_restrict
+has the value 0.
+Before Linux 2.6.37, "privileged" means that the caller has the
+.BR CAP_SYS_ADMIN
+capability.
+Since Linux 2.6.37,
+"privileged" means that the caller has either the
+.BR CAP_SYS_ADMIN
+capability (now deprecated for this purpose) or the (new)
+.BR CAP_SYSLOG
+capability.
.SS The kernel log buffer
The kernel has a cyclic buffer of length
.B LOG_BUF_LEN
message ring buffer by a process without sufficient privilege
(more precisely: without the
.B CAP_SYS_ADMIN
+or
+.BR CAP_SYSLOG
capability).
.TP
.B ERESTARTSYS
In glibc 2.0 the syscall is baptized
.BR klogctl ().
.SH "SEE ALSO"
-.BR syslog (3)
+.BR syslog (3),
+.BR capabilities (7)