[RFC][PATCH] loginuid through procfs (+ a question)

Darrel Goeddel dgoeddel at trustedcs.com
Thu Jan 27 20:01:38 UTC 2005


Stephen Smalley wrote:
> On Thu, 2005-01-27 at 13:39, Serge Hallyn wrote:
> 
>>Are you considering posting a patch to convert the CAP_AUDIT_* checks
>>with lsm hooks?  The other audit actions can still be distinguished
>>(though not as nicely) through selinux_netlink_send, but as you say, not
>>setting and reading loginuid, which I think could only be done through
>>policy at the moment.
> 
> 
> ...
>
> I agree that distinguishing setting of the loginuid from complete
> control of the audit framework would be useful, but it should be easy to
> replace your capable call with a LSM hook in the future.
> 

I think this may be something we should look at after this patch goes upstream.
The current functionality of the patch is important and we should probably work
on getting this in as soon as possible.  Changing to an LSM hook which will
require CAP_AUDIT_CONTROL in the capability and dummy module will not change
the behavior.

I do think we will want an LSM hook for setting the loginuid in the future.
Since all of the other actions mediated by CAP_AUDIT_CONTROL can be
distinguished in a roundabout way through an access check based on the msg type
at the netlink_send hook, there is no need to add LSM hooks for these actions.
I would still be in favor of this however, because it would make the controls
much more straightforward.

-- 

Darrel