On Wed, 8 Feb 2006, Timothy R. Chavez wrote:
> 1) A new SELinux interface was introduced to give other parts of the
> kernel the ability to resolve 'sids' into security labels.
Please look at the way I intend to export SELinux APIs in:
http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-seli...
+++ b/include/linux/netlink.h
@@ -143,6 +143,7 @@ struct netlink_skb_parms
__u32 dst_group;
kernel_cap_t eff_cap;
__u32 loginuid; /* Login (audit) uid */
+ __u32 secid; /* SELinux security id */
};
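Review bot: in the `netlink_skb_parms` hunk, the new `secid` field is documented only as "SELinux security id", yet it sits in a structure shared by every netlink user. Say in the comment who fills it in and what value it holds when no sid was recorded (for example when SELinux is not enabled), so a receiver can tell an unset field from a real sid.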
You also need to verify the policy serial number.
I wonder if it might be better to use the security context directly.
@@ -460,11 +464,26 @@ static int audit_receive_msg(struct sk_b
err = 0;
ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
if (ab) {
+ len = selinux_sid_to_context(sid, NULL, 0);
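Review bot: at `len = selinux_sid_to_context(sid, NULL, 0);` nothing visible in this hunk checks the result before it is treated as a length. Test `len` for an error or zero return before sizing a buffer from it, and make sure the `ab` already opened by `audit_log_start()` is still ended on that failure path.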
This is embedding SELinux specific code into the audit code. I think you
need to add some audit/SELinux glue code which disappears if SELinux is
not enabled.
+ NETLINK_CB(skb).secid = security_task_getsid(current);
security_task_getsid() doesn't exist.
You created security_task_getsecurity(), which retrieves the security
context.
- James
--
James Morris
<jmorris(a)redhat.com>
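The audit/SELinux glue suggested in the reply above, as an added user-space example that is not part of the original message or of the patch under review. Every name in it (`MODEL_SELINUX`, `glue_sid_to_context`, `audit_format_subj`, the label table) is hypothetical, and the "NULL buffer returns the needed length" contract is an assumption modelled on the `selinux_sid_to_context(sid, NULL, 0)` call in the hunk.

```c
/* User-space model; every name below is hypothetical, not a kernel API. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_SELINUX 1 /* 0 models a build with CONFIG_SECURITY_SELINUX unset */

#if MODEL_SELINUX
/* Constructed sid -> label table standing in for the SELinux side. */
static const char *const model_labels[] = { NULL, "system_u:system_r:auditd_t" };

/* Assumed contract: return label length including NUL; copy only if buf fits. */
static int glue_sid_to_context(unsigned int sid, char *buf, size_t size)
{
	size_t need;

	if (sid >= sizeof(model_labels) / sizeof(model_labels[0]) || !model_labels[sid])
		return -EINVAL;
	need = strlen(model_labels[sid]) + 1;
	if (buf) {
		if (size < need)
			return -ERANGE;
		memcpy(buf, model_labels[sid], need);
	}
	return (int)need;
}
#else
/* SELinux disabled: the glue collapses to a stub that reports "no label". */
static inline int glue_sid_to_context(unsigned int sid, char *buf, size_t size)
{
	(void)sid; (void)buf; (void)size;
	return 0;
}
#endif

/* Audit-side caller: never names SELinux and checks both calls. Caller frees. */
static char *audit_format_subj(unsigned int sid)
{
	int len = glue_sid_to_context(sid, NULL, 0); /* length query */
	char *out;

	if (len <= 0) /* error or no label: omit the field */
		return NULL;
	out = malloc((size_t)len + 5); /* "subj=" plus label; len covers the NUL */
	if (!out)
		return NULL;
	memcpy(out, "subj=", 5);
	if (glue_sid_to_context(sid, out + 5, (size_t)len) < 0) {
		free(out);
		return NULL;
	}
	return out;
}
```

With `MODEL_SELINUX` set to 0 the caller compiles unchanged and simply emits no label field.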