On Thu, 2005-01-27 at 13:39, Serge Hallyn wrote:
> Are you considering posting a patch to convert the CAP_AUDIT_* checks
> with lsm hooks? The other audit actions can still be distinguished
> (though not as nicely) through selinux_netlink_send, but as you say, not
> setting and reading loginuid, which I think could only be done through
> policy at the moment.

There isn't presently a way to assign a different security context to
different nodes under /proc/pid, so they all inherit the context of the
associated task at present. Hence, the inode permission checks can't
distinguish between loginuid and some other node under /proc/pid for the
same task. The /proc/pid/attr nodes can be further mediated by the
[gs]etprocattr hooks, and SELinux does apply a separate check for them.
I agree that distinguishing setting of the loginuid from complete
control of the audit framework would be useful, but it should be easy to
replace your capable call with a LSM hook in the future.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency