[RFC] Obtaining PATH entry without audit userland
Stephen Smalley
sds at tycho.nsa.gov
Thu Jan 10 16:42:03 UTC 2008
On Thu, 2008-01-10 at 10:40 -0500, Steve Grubb wrote:
> On Thursday 10 January 2008 10:32:37 Alexander Viro wrote:
> > On Thu, Jan 10, 2008 at 10:19:50AM -0500, Steve Grubb wrote:
> > > I was under the impression that Al Viro has already sent a patch allowing
> > > for PATH in all AVC messages. Al?
> >
> > In the mainline for quite a while...
>
> That's what I thought.
>
> Yuichi, what kernel are you testing against that is having the problem? Is
> there a simple test case that shows the problem so we can check the kernel to
> make sure its working properly?
SELinux can still only audit a pathname (vs. just the component name)
when it has the (vfsmount, dentry) pair available in the LSM hook, which
often isn't the case still. So we still depend on audit pathname
collection to give us more information than just the component name on
many permission checks.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list