Writing to audit with an application

Steve Grubb sgrubb at redhat.com
Mon Mar 19 21:38:27 UTC 2007


On Monday 19 March 2007 15:58, geckiv wrote:
> I never heard of dbus before. Is there an example how it keeps its
> CAP_AUDIT_WRITE and changes uids?

Not without looking at its source code. Here's its patch:

http://developer.momonga-linux.org/viewvc/trunk/pkgs/dbus/dbus-0.61-selinux-avc-audit.patch?r1=13947&r2=13946&pathrev=13947&view=patch

nscd also does the same trick, but it's coded in glibc style.

> Is this just using setuid() somehow?

No, there's an intricate dance regarding setuid, prctl, & capabilities
that must be followed exactly or bad things can happen.

-Steve
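
Added example, not part of the original message and not the dbus or nscd code: a sketch of the usual ordering of setuid, prctl and capset calls that lets a daemon started as root switch to an unprivileged uid while keeping only CAP_AUDIT_WRITE. The function names are hypothetical, and it assumes Linux and uses the raw capset syscall rather than libcap.

```c
#include <grp.h>
#include <linux/capability.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Fill a v3 capability set holding exactly one capability, permitted and
 * effective, with nothing inheritable. */
static void only_cap(int cap, struct __user_cap_data_struct d[2])
{
    memset(d, 0, 2 * sizeof(d[0]));
    d[cap / 32].permitted = d[cap / 32].effective = 1u << (cap % 32);
}

/* Hypothetical helper: switch from root to uid/gid and keep only
 * CAP_AUDIT_WRITE. Returns 0 on success, -1 on the first failed step; the
 * caller should exit on -1 because the process may be half-dropped. */
int drop_root_keep_audit_write(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    /* 1. Without this flag, leaving uid 0 clears the permitted set too. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    /* 2. Groups first: after setuid the process can no longer change them.
     *    A real daemon would normally call initgroups() for the target user. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    /* 3. Called as root, setuid sets the real, effective and saved uid. */
    if (setuid(uid) != 0) return -1;
    /* 4. The uid change cleared the effective set even with KEEPCAPS;
     *    re-raise CAP_AUDIT_WRITE and discard every other capability. */
    only_cap(CAP_AUDIT_WRITE, d);
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    /* 5. Turn the flag back off so later uid changes behave normally. */
    if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) != 0) return -1;
    /* 6. Verify the drop: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}
```

Every return value is checked because a step that fails silently leaves the process either still root or without the capability it needs to write audit records.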



