audit 1.2.2 released
Michael C Thompson
thompsmc at us.ibm.com
Wed May 24 20:30:55 UTC 2006
Steve Grubb wrote:
> On Tuesday 23 May 2006 18:20, Michael C Thompson wrote:
>> socket_has_perm returns 0,
>
> This function is not exactly the one I was after..
>
> 3387 static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
> 3388 {
> <snip>
> 3401 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
> 3402 if (err) {
> <snip>
> 3415 goto out;
> 3416 }
> 3417
> 3418 err = socket_has_perm(current, sock, perm);
> 3419 out:
> 3420 return err;
> 3421 }
>
> Socket_has_perm has the second vote. This function in turn gets called by
> selinux_netlink_send, so that is probably the best place to hook.
I do not see this function getting hit with 'auditctl -l'.
>> If you have any possible fixes, I'll gladly test them, but currently,
>> I'm at a loss for time and can't continue.
>
> I guess I'll put the hooks in the next kernel and let you test them.
Send 'em my way :)
Thanks,
Mike
More information about the Linux-audit
mailing list