[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] loginuid through procfs (+ a question)



Hmm, I don't see where I ever replied to this, sorry.

My first attempt had used LSM hooks.  I thought there had been actual
requests to move from lsm hooks to capable(), but now I can't find that,
so maybe there never were such requests.

Are you considering posting a patch to convert the CAP_AUDIT_* checks
with lsm hooks?  The other audit actions can still be distinguished
(though not as nicely) through selinux_netlink_send, but as you say, not
setting and reading loginuid, which I think could only be done through
policy at the moment.

-serge

On Tue, 2005-01-11 at 17:48 -0600, Darrel Goeddel wrote:
> Serge Hallyn wrote:
> > Attached is a first stab at setting loginuid through /proc/$$/loginuid.
> > Compiled and tested here.
> > 
> 
> I would recommend replacing the capable(CAP_AUDIT_CONTROL) call in 
> proc_loginuid_write with a LSM hook - possibly security_audit_set_loginid(...). 
>    I do not think we even need the check in proc_loginuid_read. I previously 
> stated that level of responsibility implied by setting the login id lies 
> somewhere between writing an audit message and controlling the audit system.  My 
> intention was to further segregate the operations through SELinux.  Since this 
> is no longer a netlink message, SELinux can not distinguish the setting of a 
> loginid from the other audit control operations.  In fact, it would be nice to 
> see all of the audit code not using capable at all, but rather using meaningful 
> LSM hooks that result in capable() calls in the dummy and capabilities module 
> (this would include the previous patch for audit.c and friends - sorry for not 
> thinking of this earlier).  This will allow LSMs to implement fine-grained 
> control over the configuration of the audit subsystem that cannot be achieved 
> though the use of capable() - without adding a few more capabilities that is, 
> but there is only one left :)
> 
-- 
Serge Hallyn <serue us ibm com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]