[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Two netlink patches



* Serge E. Hallyn (serue us ibm com) wrote:
> The problem with this is that audit admin != sysadmin, so we
> instantly preventing linux from achieving, say, MRMLOSPP.  But
> if we just replace "if (!capable()) err = -EPERM" with a new
> lsm hook, then we can still consolidate some of the code in
> audit_netlink_ok(nlh).
> 
> thoughts?

CAP_SYS_AUDIT?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]