Re: Another slab size-32 leak 2.6.16-rc4-mm2
On Mon, Feb 27, 2006 at 05:03:28PM -0600, Dustin Kirkland wrote:
> However, it was intended to collect labels for
> message queues during calls to msgget(), msgrcv(), msgsnd(), etc. The
> audit_ipc_perms() hook is only collecting labels (and attempted perm
> settings) from IPC_SET operations.
I talked to Klaus about this and I expect him to pipe in right here...
In a nutshell, I was advised back in October that for certification
purposes, we're only required to audit ipc operations involving
security-relevant permissions checks (similar to our certification
requirements on syscall auditing).
The calls msgget(), msgrcv(), msgsnd(), etc. are doing permission
checks. How are these not security-relevant?
Klaus, if you could explain this I would appreciate it.
Thanks,
Amy