Re: Two netlink patches
* Serge E. Hallyn (serue(a)us.ibm.com) wrote:
The problem with this is that audit admin != sysadmin, so we
instantly preventing linux from achieving, say, MRMLOSPP. But
if we just replace "if (!capable()) err = -EPERM" with a new
lsm hook, then we can still consolidate some of the code in
audit_netlink_ok(nlh).
thoughts?
CAP_SYS_AUDIT?
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net