On Thu, 2004-12-16 at 11:25, Serge Hallyn wrote:
> Hi,
>
> I believe a single CAP_AUDIT_CONTROL bit should suffice for defining an
> MRMLOSPP-compliant audit role. I will send out a new patch asap which
> also nixes cap_netlink_audit_send and just leaves the code in dummy.
>
> Does this seem sufficient? Or do you (Chris) object to having this test
> in the netlink send codepath? As far as I can see, the only legitimate
> alternative would be to in fact move audit control to a different
> (pseudo-fs?) interface.

For just a capability check, you can check on the receive path based on
NETLINK_CREDS(skb)->eff_cap, as long as the security modules set all of
the capability bits in that field properly (commoncap already does so,
and SELinux and dummy could easily be changed to do so). In contrast,
we don't have that option for SELinux permissions, because we don't have
any way to convey either the sender security context or the computed
permissions in NETLINK_CREDS without extending that structure.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency
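
Added example, not part of the original message and not kernel code: a userspace C model of the receive-path capability check described in the reply above, showing why it only works when the sending-side security module copies every capability bit into the credentials. All `model_*` names are hypothetical; the capability numbers are those in linux/capability.h.

```c
#include <stdint.h>
#include <stdio.h>

#define CAP_NET_ADMIN     12   /* numbering as in linux/capability.h */
#define CAP_AUDIT_CONTROL 30
#define CAP_MASK(c)       ((uint32_t)1 << (c))

/* Stand-in for the credentials carried with a netlink message. */
struct model_creds { uint32_t eff_cap; };
/* Stand-in for the sending task's effective capability set. */
struct model_task  { uint32_t cap_effective; };

typedef void (*model_send_hook)(const struct model_task *, struct model_creds *);

/* Send hook that conveys the sender's whole effective set. */
static void model_send_full(const struct model_task *t, struct model_creds *c)
{
    c->eff_cap = t->cap_effective;
}

/* Hypothetical send hook that conveys a single bit only; it stands for
 * a security module that does not set all capability bits. */
static void model_send_partial(const struct model_task *t, struct model_creds *c)
{
    c->eff_cap = t->cap_effective & CAP_MASK(CAP_NET_ADMIN);
}

/* Receive-path check on the conveyed set: 0 allows, -1 denies. */
static int model_audit_recv_check(const struct model_creds *c)
{
    return (c->eff_cap & CAP_MASK(CAP_AUDIT_CONTROL)) ? 0 : -1;
}

/* Run one message through a send hook and then the receive check. */
static int model_deliver(model_send_hook hook, uint32_t sender_caps)
{
    struct model_task t = { sender_caps };
    struct model_creds c = { 0 };
    hook(&t, &c);
    return model_audit_recv_check(&c);
}

int main(void)
{
    uint32_t auditor = CAP_MASK(CAP_AUDIT_CONTROL);   /* constructed sender */
    printf("full hook:    %d\n", model_deliver(model_send_full, auditor));
    printf("partial hook: %d\n", model_deliver(model_send_partial, auditor));
    return 0;
}
```

With the partial hook the receiver denies a sender that does hold CAP_AUDIT_CONTROL, because the bit never reaches the credentials.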