[RFC][PATCH] loginuid through procfs (+ a question)
Serge Hallyn
serue at us.ibm.com
Thu Jan 27 18:39:53 UTC 2005
Hmm, I don't see where I ever replied to this, sorry.
My first attempt had used LSM hooks. I thought there had been actual
requests to move from lsm hooks to capable(), but now I can't find that,
so maybe there never were such requests.
Are you considering posting a patch to convert the CAP_AUDIT_* checks
with lsm hooks? The other audit actions can still be distinguished
(though not as nicely) through selinux_netlink_send, but as you say, not
setting and reading loginuid, which I think could only be done through
policy at the moment.
-serge
On Tue, 2005-01-11 at 17:48 -0600, Darrel Goeddel wrote:
> Serge Hallyn wrote:
> > Attached is a first stab at setting loginuid through /proc/$$/loginuid.
> > Compiled and tested here.
> >
>
> I would recommend replacing the capable(CAP_AUDIT_CONTROL) call in
> proc_loginuid_write with a LSM hook - possibly security_audit_set_loginid(...).
> I do not think we even need the check in proc_loginuid_read. I previously
> stated that level of responsibility implied by setting the login id lies
> somewhere between writing an audit message and controlling the audit system. My
> intention was to further segregate the operations through SELinux. Since this
> is no longer a netlink message, SELinux can not distinguish the setting of a
> loginid from the other audit control operations. In fact, it would be nice to
> see all of the audit code not using capable at all, but rather using meaningful
> LSM hooks that result in capable() calls in the dummy and capabilities module
> (this would include the previous patch for audit.c and friends - sorry for not
> thinking of this earlier). This will allow LSMs to implement fine-grained
> control over the configuration of the audit subsystem that cannot be achieved
> though the use of capable() - without adding a few more capabilities that is,
> but there is only one left :)
>
--
Serge Hallyn <serue at us.ibm.com>
More information about the Linux-audit
mailing list