[RFC][PATCH] loginuid through procfs (+ a question)
Darrel Goeddel
dgoeddel at trustedcs.com
Tue Jan 11 23:48:20 UTC 2005
Serge Hallyn wrote:
> Attached is a first stab at setting loginuid through /proc/$$/loginuid.
> Compiled and tested here.
>
I would recommend replacing the capable(CAP_AUDIT_CONTROL) call in
proc_loginuid_write with a LSM hook - possibly security_audit_set_loginid(...).
I do not think we even need the check in proc_loginuid_read. I previously
stated that level of responsibility implied by setting the login id lies
somewhere between writing an audit message and controlling the audit system. My
intention was to further segregate the operations through SELinux. Since this
is no longer a netlink message, SELinux can not distinguish the setting of a
loginid from the other audit control operations. In fact, it would be nice to
see all of the audit code not using capable at all, but rather using meaningful
LSM hooks that result in capable() calls in the dummy and capabilities module
(this would include the previous patch for audit.c and friends - sorry for not
thinking of this earlier). This will allow LSMs to implement fine-grained
control over the configuration of the audit subsystem that cannot be achieved
though the use of capable() - without adding a few more capabilities that is,
but there is only one left :)
--
Darrel
More information about the Linux-audit
mailing list