Two netlink patches
Serge E. Hallyn
serue at us.ibm.com
Wed Dec 15 22:45:59 UTC 2004
Quoting Chris Wright (chrisw at osdl.org):
> > Shouldn't this function return -EPERM in the default case, not the
> > msgtype?
>
> Should be -EINVAL according to original code.
Ok.
> I really dislike duplicating code. I agree it should be put in a
> central location. Does it really need to be broken out into the
> security framework? Why not place it in audit itself?
>
> Just a simple helper:
>
> int audit_netlink_ok(struct nlmsghdr *nlh)
> {
> int err = -EINVAL;
>
> if (audit_bad_header(nlh))
> goto out;
>
> err = 0;
> switch() {
> ok:
> break;
> capable:
> if (!capable())
> err = -EPERM;
> break;
> default:
> err = -EINVAL;
> break;
> }
> out:
> return err;
> }
The problem with this is that audit admin != sysadmin, so we
instantly preventing linux from achieving, say, MRMLOSPP. But
if we just replace "if (!capable()) err = -EPERM" with a new
lsm hook, then we can still consolidate some of the code in
audit_netlink_ok(nlh).
thoughts?
thanks,
-serge
More information about the Linux-audit
mailing list