Quoting Chris Wright (chrisw(a)osdl.org):
 > Shouldn't this function return -EPERM in the default case, not the
 > msgtype?
 
 Should be -EINVAL according to original code. 
Ok.
 I really dislike duplicating code.  I agree it should be put in a
 central location.  Does it really need to be broken out into the
 security framework?  Why not place it in audit itself?
 
 Just a simple helper:
 
 int audit_netlink_ok(struct nlmsghdr *nlh)
 {
 	int err = -EINVAL;
 
 	/* reject malformed headers before looking at the message type */
 	if (audit_bad_header(nlh))
 		goto out;
 
 	err = 0;
 	switch (nlh->nlmsg_type) {
 		ok:		/* placeholder: message types anyone may send */
 			break;
 		capable:	/* placeholder: message types that need a privilege check */
 			if (!capable())	/* capability left unspecified in this sketch */
 				err = -EPERM;
 			break;
 		default:	/* unknown message type */
 			err = -EINVAL;
 			break;
 	}
 out:
 	return err;
 }
The problem with this is that audit admin != sysadmin, so we
instantly prevent Linux from achieving, say, MRMLOSPP.  But
if we just replace "if (!capable()) err = -EPERM" with a new
LSM hook, then we can still consolidate some of the code in
audit_netlink_ok(nlh).
Thoughts?
thanks,
-serge
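A constructed illustration of the consolidation discussed in this thread: the header check and per-message-type dispatch live in one helper, while the privilege decision sits behind a replaceable hook (as an LSM hook would) instead of a hard-coded capable() call, so an audit-admin policy and a sysadmin policy can be swapped without touching the dispatch. This is added example code, not kernel code or either poster's; the struct layout, message types, capability bits and function names are all hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for the kernel's struct nlmsghdr (only the fields used here). */
struct nlmsghdr { uint32_t nlmsg_len; uint16_t nlmsg_type; };

/* Hypothetical audit message types and capability bits, not the kernel's real values. */
#define AUDIT_MSG_QUERY    1000  /* read-only, needs no privilege */
#define AUDIT_MSG_CONTROL  1001  /* changes audit config, needs a privilege check */
#define CAP_SYSADMIN_BIT   (1u << 0)
#define CAP_AUDITADMIN_BIT (1u << 1)

/* Constructed caller context: the effective capability set of the sender. */
struct caller { unsigned int caps; };

/* The permission decision is a replaceable hook, as an LSM hook would be,
 * instead of a hard-coded capable() call inside audit_netlink_ok(). */
typedef int (*audit_perm_hook_t)(const struct caller *, const struct nlmsghdr *);

/* Policy A: audit control is its own privilege, distinct from sysadmin. */
int audit_perm_auditadmin(const struct caller *c, const struct nlmsghdr *nlh)
{
	(void)nlh;
	return (c->caps & CAP_AUDITADMIN_BIT) ? 0 : -EPERM;
}

/* Policy B: the plain capable()-style check, sysadmin only. */
int audit_perm_sysadmin(const struct caller *c, const struct nlmsghdr *nlh)
{
	(void)nlh;
	return (c->caps & CAP_SYSADMIN_BIT) ? 0 : -EPERM;
}

audit_perm_hook_t audit_perm_hook = audit_perm_auditadmin;

/* Header sanity: a NULL or truncated header is rejected before the type is examined. */
static int audit_bad_header(const struct nlmsghdr *nlh) { return nlh == NULL || nlh->nlmsg_len < sizeof(*nlh); }

/* Consolidated check: header sanity, then per-type dispatch; -EINVAL for unknown types. */
int audit_netlink_ok(const struct caller *c, const struct nlmsghdr *nlh)
{
	if (audit_bad_header(nlh))
		return -EINVAL;
	switch (nlh->nlmsg_type) {
	case AUDIT_MSG_QUERY:   return 0;
	case AUDIT_MSG_CONTROL: return audit_perm_hook(c, nlh);
	default:                return -EINVAL;
	}
}
```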