Re: Audit, LSM, SELinux, and Smack
On Wed, 2007-07-25 at 13:19 -0700, Casey Schaufler wrote:
I'm looking at getting audit into my Smack LSM module.
Stephen Smalley has suggested, and I concur, that this
may be the time to convert audit from using SELinux
specific interfaces to LSM based interfaces.
Before I start blasting away with patches, I want to
check and see if anyone else is looking into this.
There's a good chunk of work to be done for LSM, audit,
SELinux, and Smack.
Also netlink, if you need/want to be able to save the sending task's
label at send time for later use for permission checking and auditing at
receive time. At present, netlink_sendmsg() calls
selinux_get_task_sid() to save the sending task SID in the
netlink_skb_parms struct, and that SID is later extracted by
selinux_netlink_recv and audit_receive_msg. That parallels what happens
with the eff_cap set and the loginuid.
I also want to be sure that no one
will take umberage with the notion.
At some point, objections may arise that the changes are too invasive or
costly, or that they aren't justified until such a time as it is shown
that smack or another user is actually going to be merged. But in
abstract, I don't have a problem with converting these over to using LSM
hooks (as long as LSM remains). What makes it a little harder is that
smack has no equivalent to a sid/secid, just the full labels (albeit
those are small and fixed size).
--
Stephen Smalley
National Security Agency