On Wed, 2005-02-09 at 09:50, Serge Hallyn wrote:
> CAP_AUDIT_WRITE is needed, but not CAP_AUDIT_CONTROL, which is needed
> to set the loginuid. Of course, an LSM could check at
> security_netlink_send whether the login_uid in the payload is the same
> as the real loginuid. Otherwise, we're wasting a (very precious)
> capability bit.
>
> In either case, have we decided we don't want it in the netlink
> credentials after all?

If the audit subsystem truly needs to include the loginuid in audit
messages generated upon processing netlink messages, then I think it
belongs in the control buffer as per your patch. Alexey has confirmed
that we cannot use the current task's audit context regardless.

As a side bar, a similar security field in the control buffer would
likewise be very useful so that SELinux could set the SID for use in
permission checks by receive functions.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency