[redhat-lspp] auditing labeled ipsec
Paul Moore
paul.moore at hp.com
Wed Oct 11 20:58:07 UTC 2006
Joy Latten wrote:
> Linux provides two apis to add/delete/manage SAs and spd.
> One is netlink which was extended to do key management. The
> other is pfkeyv2, which our setkey and racoon uses.
>
> With all that said, I am not able to figure out how to get "auid" from
> pfkeyv2? I can use NETLINK_CB(skb).loginuid to get it when netlink is
> used, but I don't think I can use this for pfkeyv2 since I am not using
> netlink headers. I am using pfkey message headers, such as sadb_msg,
> which don't include this.
>
> Any ideas or suggestions?
While it's been a looong time since I looked at PFKEY I believe you can get away
with plucking the loginuid from the current task, yes? no?
--
paul moore
linux security @ hp
More information about the Linux-audit
mailing list