[PATCH] Audit capabilities
Serge E. Hallyn
serue at us.ibm.com
Wed Jan 12 03:29:04 UTC 2005
The idea of exporting netlink_get_msgtype was that LSMs which want
to implement finer-grained controls than the capabilities could
do so using netlink_get_msgtype at security_netlink_send().
-serge
Quoting Darrel Goeddel (dgoeddel at trustedcs.com):
> Serge Hallyn wrote:
> >Attached is a new patch to introduce CAP_AUDIT_CONTROL and
> >CAP_AUDIT_WRITE. Thank you all for the clarifications on appropriate
> >caps.
> >
>
> Sorry for the delay on this response. At least this comment is not of
> great importance :)
>
> It seems that netlink_get_msgtype is not really needed here. The type is
> already available in audit_receive_msg and can be passed to
> audit_netlink_ok; and the length checks performed by netlink_get_msgtype
> will never catch a failure because the same checks are already done by
> audit_receive_skb. Removing this function would remove the need to modify
> the netlink.h and af_netlink.c files.
>
> --
>
> Darrel