[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Two netlink patches



On Thu, 2004-12-16 at 11:25, Serge Hallyn wrote:
> Hi,
> 
> I believe a single CAP_AUDIT_CONTROL bit should suffice for defining an
> MRMLOSPP-compliant audit role.  I will send out a new patch asap which
> also nixes cap_netlink_audit_send and just leaves the code in dummy.
> 
> Does this seem sufficient?  Or do you (Chris) object to having this test
> in the netlink send codepath?  As far as I can see, the only legitimate
> alternative would be to in fact move audit control to a different
> (pseudo-fs?) interface.

For just a capability check, you can check on the receive path based on
NETLINK_CREDS(skb)->eff_cap, as long as the security modules set all of
the capability bits in that field properly (commoncap already does so,
and SELinux and dummy could easily be changed to do so).  In contrast,
we don't have that option for SELinux permissions, because we don't have
any way to convey either the sender security context or the computed
permissions in NETLINK_CREDS without extending that structure. 

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]