Quoting Stephen Smalley (sds(a)epoch.ncsc.mil):
 On Fri, 2005-01-07 at 11:16, Serge Hallyn wrote:
 > Attached is a new patch to introduce CAP_AUDIT_CONTROL and
 > CAP_AUDIT_WRITE.  Thank you all for the clarifications on appropriate
 > caps.
 > 
 > Purpose: Audit message authentication is being done on the process
 > receiving the message, which may not be the process sending the message.
 > This patch sets the sk_buff eff_caps according to the sender
 > permissions, and authenticates audit message handling based on that.  It
 > also switches from using CAP_SYS_ADMIN to using AUDIT capabilities.
 > 
 > Changelog:
 > 12-20-2005: Switch from CAP_[SYS,NET]_ADMIN to AUDIT capabilities.
 > 12-27-2005: Use dummy_capget in dummy_netlink_send, and correctly mask
 > the skb's eff_cap according to selinux perms.
 > 12-28-2005: Use avc_has_perm_noaudit in selinux_netlink_send to use
 > cached decisions.
 > 01-06-2005: Switch to using CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE.
 
 Any reason this hasn't been submitted upstream?

Only that I was waiting for feedback.

Do you think we should keep the netlink_get_msgtype function, or get rid
of it (and perhaps get away with not mailing net-devel :)?

thanks,
-serge