[RFC][PATCH] collect security labels on user processes generating audit messages

James Morris jmorris at redhat.com
Thu Feb 9 14:58:48 UTC 2006


On Wed, 8 Feb 2006, Timothy R. Chavez wrote:

> 1) A new SELinux interface was introduced to give other parts of the
> kernel the ability to resolve 'sids' into security labels.  

Please look at the way I intend to export SELinux APIs in:
http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-selinux-exports.patch

> +++ b/include/linux/netlink.h
> @@ -143,6 +143,7 @@ struct netlink_skb_parms
>  	__u32			dst_group;
>  	kernel_cap_t		eff_cap;
>  	__u32			loginuid;	/* Login (audit) uid */
> +	__u32			secid;		/* SELinux security id */
>  };
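
Review bot: the comment on the new `secid` field in `struct netlink_skb_parms` reads "SELinux security id", which ties a generic netlink structure to one security module. Consider an LSM-neutral comment, and document beside the field who sets it and what value it holds when no security module is active.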

You also need to verify the policy serial number.

I wonder if it might be better to use the security context directly.


> @@ -460,11 +464,26 @@ static int audit_receive_msg(struct sk_b
>  			err = 0;
>  			ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
>  			if (ab) {
> +				len = selinux_sid_to_context(sid, NULL, 0);
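
Review bot: the result of `len = selinux_sid_to_context(sid, NULL, 0);` needs a check before it is used. The call looks like a length probe (NULL buffer, size 0) and the quoted lines show no test of `len`; if it later sizes an allocation or a copy, test it for an error or zero value first, and make sure the `ab` buffer obtained from `audit_log_start()` just above is still ended on that path.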

This is embedding SELinux specific code into the audit code.  I think you 
need to add some audit/SELinux glue code which disappears if SELinux is 
not enabled.

> +	NETLINK_CB(skb).secid = security_task_getsid(current);
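
Review bot: `NETLINK_CB(skb).secid = security_task_getsid(current);` records the label of whichever task is `current` at this call, so it is the sender's label only if this line runs in the sender's context; a comment stating that assumption would help. The return value is also stored straight into the `__u32` field, so if the hook can return an error it would be recorded as though it were a valid id.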

security_task_getsid() doesn't exist.

You created security_task_getsecurity(), which retrieves the security
context.



- James
-- 
James Morris
<jmorris at redhat.com>





