audit 1.2.2 released

Steve Grubb sgrubb at redhat.com
Wed May 24 13:04:15 UTC 2006


On Tuesday 23 May 2006 18:20, Michael C Thompson wrote:
> socket_has_perm returns 0, 

This function is not exactly the one I was after.

static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
<snip>
        err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
        if (err) {
<snip>
                goto out;
        }

        err = socket_has_perm(current, sock, perm);
out:
        return err;
}

Socket_has_perm has the second vote. This function in turn gets called by 
selinux_netlink_send, so that is probably the best place to hook.

> If you have any possible fixes, I'll gladly test them, but currently,
> I'm at a loss for time and can't continue.

I guess I'll put the hooks in the next kernel and let you test them.

-Steve



