On Tuesday 17 May 2005 08:53, Stephen Smalley wrote:
I'm assuming it is being caused by libpam, although I don't know much
beyond the fact that vsftpd stopped working without it.
Then I'll ask Dan what's wrong. I think that libpam should probably be fixed
if that is indeed the problem.
> What are we doing wrong? Shouldn't it be a matter of calling the right
> selinux function for a capabilities check after the DAC checks?
Even if you changed audit_netlink_ok() to call a LSM hook
rather than directly performing a cap_raised() test, SELinux wouldn't
know the security context of the sender, since that isn't saved with the
netlink message.
We need to do this for LSPP, so maybe we should take that step if needed.
Simplest solution is Chris' earlier patches to allow
callbacks to be registered for netlink send so that audit_netlink_ok()
checking can occur at send time.
My only concern is whether or not this will impact the user space side.
-Steve