[PATCH] Audit capabilities

Serge Hallyn serue at us.ibm.com
Fri Jan 7 16:16:01 UTC 2005


Attached is a new patch to introduce CAP_AUDIT_CONTROL and
CAP_AUDIT_WRITE.  Thank you all for the clarifications on appropriate
caps.

Purpose: Audit message authentication is being done on the process
receiving the message, which may not be the process sending the message.
This patch sets the sk_buff eff_caps according to the sender
permissions, and authenticates audit message handling based on that.  It
also switches from using CAP_SYS_ADMIN to using AUDIT capabilities.

Changelog:
12-20-2005: Switch from CAP_[SYS,NET]_ADMIN to AUDIT capabilities.
12-27-2005: Use dummy_capget in dummy_netlink_send, and correctly mask
the skb's eff_cap according to selinux perms.
12-28-2005: Use avc_has_perm_noaudit in selinux_netlink_send to use
cached decisions.
01-06-2005: Switch to using CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE.

thanks,
-serge
-- 
Serge Hallyn <serue at us.ibm.com>
Name: audit-caps.patch
Type: text/x-patch
Size: 7106 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050107/0f91f541/attachment.bin>
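The check the mail describes, as an added illustration that is not the attached patch: the old receive-side test looks only at the receiving process's CAP_SYS_ADMIN, while the new one authorises each audit netlink message by the capabilities the sender held, carried alongside the skb (here a stand-in struct for NETLINK_CB(skb)). The capability bit numbers and AUDIT_* message-type values are assumed from the Linux headers of that era, and `authorize()` is a helper invented for this example.

```c
/* Added example: sender-based authorisation of audit netlink messages.
 * Not the attached patch; constants are assumed Linux values. */
#include <stdint.h>
#include <errno.h>

#define CAP_SYS_ADMIN     21   /* assumed Linux value */
#define CAP_AUDIT_WRITE   29   /* assumed Linux value */
#define CAP_AUDIT_CONTROL 30   /* assumed Linux value */

/* Audit netlink message types (assumed values from linux/audit.h). */
#define AUDIT_GET   1000
#define AUDIT_SET   1001
#define AUDIT_LIST  1002
#define AUDIT_ADD   1003
#define AUDIT_DEL   1004
#define AUDIT_USER  1005
#define AUDIT_LOGIN 1006

typedef uint32_t kernel_cap_t;
#define CAP_TO_MASK(c) ((kernel_cap_t)1u << (c))
#define cap_raised(caps, c) (((caps) & CAP_TO_MASK(c)) != 0)

/* Stand-in for the per-skb sender credentials the patch fills in. */
struct netlink_skb_parms { uint32_t pid; kernel_cap_t eff_cap; };

/* Old behaviour: only the receiver's own capabilities are consulted,
 * so an unprivileged sender is accepted whenever the receiver
 * (e.g. a privileged daemon) holds CAP_SYS_ADMIN. */
int audit_netlink_ok_old(kernel_cap_t receiver_eff_cap)
{
    return cap_raised(receiver_eff_cap, CAP_SYS_ADMIN) ? 0 : -EPERM;
}

/* New behaviour: control messages need CAP_AUDIT_CONTROL and user
 * messages need CAP_AUDIT_WRITE, both judged on the sender's eff_cap. */
int audit_netlink_ok(const struct netlink_skb_parms *sender, uint16_t msg_type)
{
    switch (msg_type) {
    case AUDIT_GET: case AUDIT_LIST: case AUDIT_SET: case AUDIT_ADD: case AUDIT_DEL:
        return cap_raised(sender->eff_cap, CAP_AUDIT_CONTROL) ? 0 : -EPERM;
    case AUDIT_USER: case AUDIT_LOGIN:
        return cap_raised(sender->eff_cap, CAP_AUDIT_WRITE) ? 0 : -EPERM;
    default:
        return -EINVAL;   /* unknown type is rejected, not silently passed */
    }
}

/* Helper (hypothetical): build the sender parms from a raw cap mask. */
int authorize(kernel_cap_t sender_eff_cap, uint16_t msg_type)
{
    struct netlink_skb_parms p = { 1234u, sender_eff_cap };  /* constructed pid */
    return audit_netlink_ok(&p, msg_type);
}
```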

