[PATCH] Audit capabilities
Serge E. Hallyn
serue at us.ibm.com
Thu Jan 13 23:23:47 UTC 2005
Quoting Stephen Smalley (sds at epoch.ncsc.mil):
> On Fri, 2005-01-07 at 11:16, Serge Hallyn wrote:
> > Attached is a new patch to introduce CAP_AUDIT_CONTROL and
> > CAP_AUDIT_WRITE. Thank you all for the clarifications on appropriate
> > caps.
> >
> > Purpose: Audit message authentication is being done on the process
> > receiving the message, which may not be the process sending the message.
> > This patch sets the sk_buff eff_caps according to the sender
> > permissions, and authenticates audit message handling based on that. It
> > also switches from using CAP_SYS_ADMIN to using AUDIT capabilities.
> >
> > Changelog:
> > 12-20-2005: Switch from CAP_[SYS,NET]_ADMIN to AUDIT capabilities.
> > 12-27-2005: Use dummy_capget in dummy_netlink_send, and correctly mask
> > the skb's eff_cap according to selinux perms.
> > 12-28-2005: Use avc_has_perm_noaudit in selinux_netlink_send to use
> > cached decisions.
> > 01-06-2005: Switch to using CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE.
>
> Any reason this hasn't been submitted upstream?
Only that I was waiting for feedback.
Do you think we should keep the netlink_get_msgtype function, or get rid
of it (and perhaps get away with not mailing net-devel :)?
thanks,
-serge
More information about the Linux-audit
mailing list