[PATCH 3/5] audit: add netlink audit protocol bind to check capabilities on multicast join
Richard Guy Briggs
rgb at redhat.com
Wed Feb 19 19:41:31 UTC 2014
On 14/02/19, Eric Paris wrote:
> On Wed, 2014-02-19 at 13:08 -0500, Richard Guy Briggs wrote:
> > Register a netlink per-protocol bind fuction for audit to check userspace
> > process capabilities before allowing a multicast group connection.
> >
> > Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> > ---
> > kernel/audit.c | 10 ++++++++++
> > 1 files changed, 10 insertions(+), 0 deletions(-)
> >
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index b5b2f72..f2d2d61 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -1050,10 +1050,20 @@ static void audit_receive(struct sk_buff *skb)
> > mutex_unlock(&audit_cmd_mutex);
> > }
> >
> > +/* Run custom bind function on netlink socket group connect or bind requests. */
> > +static int audit_bind(int group)
> > +{
> > + if (!capable(CAP_AUDIT_READ))
>
> Not a great idea to use CAP_AUDIT_READ before you define it in patch4
<blush>
> > + return -EPERM;
> > +
> > + return 0;
> > +}
> > +
> > static int __net_init audit_net_init(struct net *net)
> > {
> > struct netlink_kernel_cfg cfg = {
> > .input = audit_receive,
> > + .bind = audit_bind,
> > };
> >
> > struct audit_net *aunet = net_generic(net, audit_net_id);
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list