Two netlink patches
Serge Hallyn
serue at us.ibm.com
Thu Dec 16 16:25:45 UTC 2004
Hi,
I believe a single CAP_AUDIT_CONTROL bit should suffice for defining an
MRMLOSPP-compliant audit role. I will send out a new patch asap which
also nixes cap_netlink_audit_send and just leaves the code in dummy.
Does this seem sufficient? Or do you (Chris) object to having this test
in the netlink send codepath? As far as I can see, the only legitimate
alternative would be to in fact move audit control to a different
(pseudo-fs?) interface.
thanks,
-serge
On Thu, 2004-12-16 at 07:49 -0500, Stephen Smalley wrote:
> On Wed, 2004-12-15 at 18:07, Chris Wright wrote:
> > * Chris Wright (chrisw at osdl.org) wrote:
> > > CAP_SYS_AUDIT?
> >
> > OK, well, Posix (withdrawn draft) specifies CAP_AUDIT_CONTROL and
> > CAP_AUDIT_WRITE.
>
> Given the shortage of available capability bits, I'd think you would
> only want to take at most one for audit. You can always provide
> finer-grained controls via other security modules, as in SELinux's
> checking upon netlink_send.
>
--
Serge Hallyn <serue at us.ibm.com>
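The thread above settles on gating audit control on a single capability bit checked in the netlink send path. As an added example (not code from this thread, the kernel, or any audit daemon), the following C program shows how an administrator or auditor can verify from user space which processes actually hold that bit, by parsing the CapEff line of a /proc/<pid>/status file. The bit numbers CAP_AUDIT_WRITE = 29 and CAP_AUDIT_CONTROL = 30 are the values later assigned in mainline linux/capability.h; the 2004 discussion predates that assignment. The status snippets embedded below are constructed samples, and the function names are this example's own.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers as assigned in later mainline linux/capability.h
 * (assumption for this example; not stated in the thread). */
#define CAP_AUDIT_WRITE   29
#define CAP_AUDIT_CONTROL 30

/* Constructed sample /proc/<pid>/status excerpts for offline use. */
static const char SAMPLE_STATUS_AUDITD[] =
    "Name:\tauditd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000060000000\n"
    "CapEff:\t0000000060000000\n";   /* bits 29 and 30 set */

static const char SAMPLE_STATUS_NOAUDIT[] =
    "Name:\tsh\n"
    "CapEff:\t0000000000000000\n";   /* no capabilities at all */

/* Parse one "CapEff:<ws><hex>" line into a 64-bit mask.
 * Returns 0 on success, -1 if the line is not a CapEff line or the
 * hex field is missing, malformed, or followed by junk. */
int parse_capeff(const char *line, uint64_t *mask)
{
    const char *p;
    char *end;
    unsigned long long v;

    if (strncmp(line, "CapEff:", 7) != 0)
        return -1;
    p = line + 7;
    while (*p == ' ' || *p == '\t')
        p++;
    if (*p == '\0')
        return -1;

    errno = 0;
    v = strtoull(p, &end, 16);
    if (end == p || errno != 0)
        return -1;
    /* Only whitespace or a line terminator may follow the hex field. */
    while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r')
        end++;
    if (*end != '\0')
        return -1;

    *mask = (uint64_t)v;
    return 0;
}

/* Test a single capability bit in an effective-set mask (1 = held). */
int has_cap(uint64_t mask, int cap)
{
    return (int)((mask >> cap) & 1ULL);
}

/* Scan a whole status file buffer line by line for the CapEff entry.
 * Returns 0 and fills *mask if found, -1 otherwise. */
int capeff_from_status(const char *status_text, uint64_t *mask)
{
    const char *line = status_text;
    char buf[128];

    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len < sizeof buf) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (parse_capeff(buf, mask) == 0)
                return 0;
        }
        if (!nl)
            break;
        line = nl + 1;
    }
    return -1;
}

/* Stand-alone use: report the calling process's own audit capabilities. */
int main(void)
{
    char text[4096];
    size_t n;
    uint64_t mask;
    FILE *f = fopen("/proc/self/status", "r");

    if (!f) {
        perror("fopen /proc/self/status");
        return 1;
    }
    n = fread(text, 1, sizeof text - 1, f);
    fclose(f);
    text[n] = '\0';

    if (capeff_from_status(text, &mask) != 0) {
        fputs("no CapEff line found\n", stderr);
        return 1;
    }
    printf("CapEff=%016llx audit_write=%d audit_control=%d\n",
           (unsigned long long)mask,
           has_cap(mask, CAP_AUDIT_WRITE),
           has_cap(mask, CAP_AUDIT_CONTROL));
    return 0;
}
```

Run as an unprivileged user the report shows both bits clear; pointed at the status file of a process that is allowed to reconfigure the audit subsystem, the audit_control field should read 1 and nothing else on the box should. The parser rejects a CapEff field with trailing garbage rather than silently truncating it, so a malformed or tampered input cannot be misread as an empty capability set.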