[RFC PATCH] security, capability: pass object information to security_capable
Stephen Smalley
sds at tycho.nsa.gov
Fri Jul 12 18:02:17 UTC 2019
On 7/12/19 1:50 PM, James Morris wrote:
> On Fri, 12 Jul 2019, Nicholas Franck wrote:
>
>> + case LSM_AUDIT_DATA_CAP: {
>> + const struct inode *inode;
>> +
>> + if (a->u.cap_struct.cad) {
>> + switch (a->u.cap_struct.cad->type) {
>> + case CAP_AUX_DATA_INODE: {
>> + inode = a->u.cap_struct.cad->u.inode;
>> +
>> + audit_log_format(ab, " dev=");
>> + audit_log_untrustedstring(ab,
>> + inode->i_sb->s_id);
>> + audit_log_format(ab, " ino=%lu",
>> + inode->i_ino);
>> + break;
>> + }
>> + }
>> + }
>> + audit_log_format(ab, " capability=%d ", a->u.cap_struct.cap);
>> break;
>
> Will this break any existing userspace log parsers?
I'm hoping not given that we are only adding auxiliary fields and those
are already defined for other AVC audit messages. ausearch appeared to
work fine. Added the linux-audit mailing list to the cc line to get
their view.
More information about the Linux-audit
mailing list