[PATCH] Audit capabilities

Darrel Goeddel dgoeddel at trustedcs.com
Tue Jan 11 22:32:07 UTC 2005


Serge Hallyn wrote:
> Attached is a new patch to introduce CAP_AUDIT_CONTROL and
> CAP_AUDIT_WRITE.  Thank you all for the clarifications on appropriate
> caps.
> 

Sorry for the delay on this response.  At least this comment is not of great 
importance :)

It seems that netlink_get_msgtype is not really needed here.  The type is 
already available in audit_receive_msg and can be passed to audit_netlink_ok; 
and the length checks performed by netlink_get_msgtype will never catch a 
failure because the same checks are already done by audit_receive_skb.  Removing 
this function would remove the need to modify the netlink.h and af_netlink.c files.

-- 

Darrel



