[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Two netlink patches



Hi,

I believe a single CAP_AUDIT_CONTROL bit should suffice for defining an
MRMLOSPP-compliant audit role.  I will send out a new patch asap which
also nixes cap_netlink_audit_send and just leaves the code in dummy.

Does this seem sufficient?  Or do you (Chris) object to having this test
in the netlink send codepath?  As far as I can see, the only legitimate
alternative would be to in fact move audit control to a different
(pseudo-fs?) interface.

thanks,
-serge

On Thu, 2004-12-16 at 07:49 -0500, Stephen Smalley wrote:
> On Wed, 2004-12-15 at 18:07, Chris Wright wrote:
> > * Chris Wright (chrisw osdl org) wrote:
> > > CAP_SYS_AUDIT?
> > 
> > OK, well, Posix (withdrawn draft) specifies CAP_AUDIT_CONTROL and
> > CAP_AUDIT_WRITE.
> 
> Given the shortage of available capability bits, I'd think you would
> only want to take at most one for audit.  You can always provide
> finer-grained controls via other security modules, as in SELinux's
> checking upon netlink_send.
> 
-- 
Serge Hallyn <serue us ibm com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]