[PATCH] Add audit uid to netlink credentials
Serge Hallyn
serue at us.ibm.com
Wed Feb 9 14:50:59 UTC 2005
On Wed, 2005-02-09 at 14:17 +0000, David Woodhouse wrote:
> The only time it's possibly worth verifying it is for the case where
> userspace is sending AUDIT_USER messages -- for which the process needs
> CAP_AUDIT_WRITE anyway.
CAP_AUDIT_WRITE is needed, but not CAP_AUDIT_CONTROL, which is needed to
set the loginuid. Of course, an LSM could check at
security_netlink_send whether the login_uid in the payload is the same
as the real loginuid. Otherwise, we're wasting a (very precious)
capability bit.
In either case, have we decided we don't want it in the netlink
credentials after all?
thanks,
-serge
--
Serge Hallyn <serue at us.ibm.com>
More information about the Linux-audit
mailing list