On Mon, Mar 06, 2006 at 10:20:05AM -0500, Stephen Smalley wrote:
> But ipcperms() isn't called on every IPC operation, in particular not
> for the ones that apply uid ownership or capability tests rather than
> mode checks, e.g. SHM_LOCK/UNLOCK. Compare the coverage of the
> security_* hooks in the ipc code against the audit-related hooks.

SHM_LOCK/UNLOCK doesn't look like an "operation on an object" from the
LSPP point of view (it doesn't read, write, create, destroy, change
permissions, or similar things), so I don't see a need to audit that one.
There may be a need to add new hooks for specific functions if they turn
out to require auditing, but offhand I'm not aware of any.

> That is why I suggested making a call to some audit hook for collecting
> the IPC object context from every selinux_* IPC hook - that ensures
> coverage without requiring additional audit hooks.

Keep in mind that LSPP requires audit records (including object labels)
for unsuccessful operations, and as far as I know an access request
that's rejected by DAC permissions won't call the selinux hook.
-Klaus