Serge Hallyn wrote:
> Attached is a new patch to introduce CAP_AUDIT_CONTROL and
> CAP_AUDIT_WRITE. Thank you all for the clarifications on appropriate
> caps.

Sorry for the delay on this response. At least this comment is not of great
importance :)
It seems that netlink_get_msgtype is not really needed here. The type is
already available in audit_receive_msg and can be passed to audit_netlink_ok;
and the length checks performed by netlink_get_msgtype will never catch a
failure because the same checks are already done by audit_receive_skb. Removing
this function would remove the need to modify the netlink.h and af_netlink.c files.
--
Darrel