Two netlink patches
Stephen Smalley
sds at epoch.ncsc.mil
Thu Dec 16 15:29:41 UTC 2004
On Thu, 2004-12-16 at 11:25, Serge Hallyn wrote:
> Hi,
>
> I believe a single CAP_AUDIT_CONTROL bit should suffice for defining an
> MRMLOSPP-compliant audit role. I will send out a new patch asap which
> also nixes cap_netlink_audit_send and just leaves the code in dummy.
>
> Does this seem sufficient? Or do you (Chris) object to having this test
> in the netlink send codepath? As far as I can see, the only legitimate
> alternative would be to in fact move audit control to a different
> (pseudo-fs?) interface.
For just a capability check, you can check on the receive path based on
NETLINK_CREDS(skb)->eff_cap, as long as the security modules set all of
the capability bits in that field properly (commoncap already does so,
and SELinux and dummy could easily be changed to do so). In contrast,
we don't have that option for SELinux permissions, because we don't have
any way to convey either the sender security context or the computed
permissions in NETLINK_CREDS without extending that structure.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the Linux-audit
mailing list