Re: [RFC][PATCH] loginuid through procfs (+ a question)

Serge Hallyn wrote:
Attached is a first stab at setting loginuid through /proc/$$/loginuid.
Compiled and tested here.

I would recommend replacing the capable(CAP_AUDIT_CONTROL) call in proc_loginuid_write with an LSM hook - possibly security_audit_set_loginid(...). I do not think we even need the check in proc_loginuid_read. I previously stated that the level of responsibility implied by setting the login id lies somewhere between writing an audit message and controlling the audit system. My intention was to further segregate the operations through SELinux. Since this is no longer a netlink message, SELinux cannot distinguish the setting of a loginid from the other audit control operations. In fact, it would be nice to see all of the audit code not using capable at all, but rather using meaningful LSM hooks that result in capable() calls in the dummy and capabilities modules (this would include the previous patch for audit.c and friends - sorry for not thinking of this earlier). This will allow LSMs to implement fine-grained control over the configuration of the audit subsystem that cannot be achieved through the use of capable() - without adding a few more capabilities that is, but there is only one left :)
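The following userspace model is an added illustration of the hook-versus-capable() argument in the message above; it is not part of the original email and is not kernel code. All identifiers (`audit_hook_t`, `cap_audit_hook`, `policy_audit_hook`, `model_set_loginuid`) and the domain labels are hypothetical or constructed for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only: every identifier here is hypothetical, not kernel API. */
#define MODEL_CAP_AUDIT_CONTROL (1u << 0)
enum audit_op { AUDIT_OP_SET_LOGINUID, AUDIT_OP_CONFIGURE };

/* caps: capability bits held by the task; domain: constructed policy label. */
struct task { unsigned caps; const char *domain; };

/* A security module's hook: 0 allows the operation, -1 denies it. */
typedef int (*audit_hook_t)(const struct task *t, enum audit_op op);

/* Dummy/capabilities module: the hook collapses to the capability check. */
static int cap_audit_hook(const struct task *t, enum audit_op op)
{
    (void)op; /* the operation cannot influence the decision */
    return (t->caps & MODEL_CAP_AUDIT_CONTROL) ? 0 : -1;
}

/* Policy module: still requires the capability, then decides per operation. */
static int policy_audit_hook(const struct task *t, enum audit_op op)
{
    if (cap_audit_hook(t, op) != 0)
        return -1;
    if (op == AUDIT_OP_SET_LOGINUID)
        return strcmp(t->domain, "login_t") == 0 ? 0 : -1;
    return strcmp(t->domain, "auditadm_t") == 0 ? 0 : -1;
}

/* Stand-in for the loginuid write handler: asks the hook, not capable(). */
static int model_set_loginuid(audit_hook_t hook, const struct task *t,
                              unsigned *loginuid, unsigned new_uid)
{
    if (hook(t, AUDIT_OP_SET_LOGINUID) != 0)
        return -1;
    *loginuid = new_uid;
    return 0;
}

int main(void)
{
    struct task login = { MODEL_CAP_AUDIT_CONTROL, "login_t" };
    unsigned uid = 0;
    printf("%d %d %d\n", cap_audit_hook(&login, AUDIT_OP_CONFIGURE),
           policy_audit_hook(&login, AUDIT_OP_CONFIGURE),
           model_set_loginuid(policy_audit_hook, &login, &uid, 1000));
    return 0;
}
```

With the capability-only hook, a task that may set a login id may also reconfigure auditing; the policy hook separates the two for the same task.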



