[PATCH] LSM hooks for audit
Stephen Smalley
sds at epoch.ncsc.mil
Wed Sep 15 18:53:55 UTC 2004
Sorry, I wasn't thinking in my initial response. These operations are
exported via netlink, which is async, right? Hence, permission checks
based on current, including the existing capable() checks, are bogus;
you would be checking in the receiving context, not necessarily the
sending context. Sending context is not conveyed at present via
netlink_skb_parms (no security field) other than uid and capability
set. You can performs check upon netlink_send; see what SELinux does
there. SELinux policy already governs ability to create and use
netlink_audit_sockets and maps the netlink operations to read or write
flows, but doesn't offer any finer granularity than that.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the Linux-audit
mailing list