Two netlink patches

Serge Hallyn serue at us.ibm.com
Thu Dec 16 16:25:45 UTC 2004


Hi,

I believe a single CAP_AUDIT_CONTROL bit should suffice for defining an
MRMLOSPP-compliant audit role.  I will send out a new patch asap which
also nixes cap_netlink_audit_send and just leaves the code in dummy.

Does this seem sufficient?  Or do you (Chris) object to having this test
in the netlink send codepath?  As far as I can see, the only legitimate
alternative would be to in fact move audit control to a different
(pseudo-fs?) interface.

thanks,
-serge

On Thu, 2004-12-16 at 07:49 -0500, Stephen Smalley wrote:
> On Wed, 2004-12-15 at 18:07, Chris Wright wrote:
> > * Chris Wright (chrisw at osdl.org) wrote:
> > > CAP_SYS_AUDIT?
> > 
> > OK, well, Posix (withdrawn draft) specifies CAP_AUDIT_CONTROL and
> > CAP_AUDIT_WRITE.
> 
> Given the shortage of available capability bits, I'd think you would
> only want to take at most one for audit.  You can always provide
> finer-grained controls via other security modules, as in SELinux's
> checking upon netlink_send.
> 
-- 
Serge Hallyn <serue at us.ibm.com>
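A small userspace model of the check under discussion, added here as an illustration and not code from this thread or from the kernel: it puts the single-bit gate proposed above (every audit netlink message needs CAP_AUDIT_CONTROL) beside the two-bit CAP_AUDIT_CONTROL/CAP_AUDIT_WRITE split from the withdrawn POSIX draft. The bit numbers are the ones later assigned in linux/capability.h; the "control" vs "write" message classification is an assumption for the example.

```c
/* Added illustration, not kernel code: models the capability test a
 * netlink send path would apply to audit messages under two policies. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Capability bit numbers as later assigned in <linux/capability.h>. */
#define CAP_AUDIT_WRITE   29
#define CAP_AUDIT_CONTROL 30

#define CAP_BIT(c) ((uint64_t)1 << (c))

/* Assumed message classes for the example: "control" messages change the
 * audit configuration, "write" messages only append a user record. */
enum audit_msg_class { AUDIT_MSG_CONTROL, AUDIT_MSG_WRITE };

/* Single-bit policy (the one proposed in the mail): every audit netlink
 * message requires CAP_AUDIT_CONTROL, whatever its class. */
int audit_send_ok_single(uint64_t cap_effective, enum audit_msg_class cls)
{
    (void)cls;
    return (cap_effective & CAP_BIT(CAP_AUDIT_CONTROL)) ? 0 : -EPERM;
}

/* Two-bit policy from the withdrawn POSIX draft: control messages need
 * CAP_AUDIT_CONTROL, user records only need CAP_AUDIT_WRITE. */
int audit_send_ok_split(uint64_t cap_effective, enum audit_msg_class cls)
{
    int needed = (cls == AUDIT_MSG_CONTROL) ? CAP_AUDIT_CONTROL : CAP_AUDIT_WRITE;
    return (cap_effective & CAP_BIT(needed)) ? 0 : -EPERM;
}

int main(void)
{
    /* Constructed effective capability sets for two hypothetical processes. */
    uint64_t logger = CAP_BIT(CAP_AUDIT_WRITE);   /* a log-only daemon */
    uint64_t auditd = CAP_BIT(CAP_AUDIT_CONTROL); /* the audit controller */

    printf("single policy, logger sends user record: %d\n",
           audit_send_ok_single(logger, AUDIT_MSG_WRITE));
    printf("split policy,  logger sends user record: %d\n",
           audit_send_ok_split(logger, AUDIT_MSG_WRITE));
    printf("split policy,  logger changes config:    %d\n",
           audit_send_ok_split(logger, AUDIT_MSG_CONTROL));
    printf("single policy, auditd changes config:    %d\n",
           audit_send_ok_single(auditd, AUDIT_MSG_CONTROL));
    return 0;
}
```

The contrast makes the trade-off visible: under the single-bit policy a process that only ever emits user records still has to hold the capability that can reconfigure auditing.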