[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] loginuid through procfs (+ a question)



On Thu, 2005-01-27 at 13:39, Serge Hallyn wrote:
> Are you considering posting a patch to convert the CAP_AUDIT_* checks
> with lsm hooks?  The other audit actions can still be distinguished
> (though not as nicely) through selinux_netlink_send, but as you say, not
> setting and reading loginuid, which I think could only be done through
> policy at the moment.

There isn't presently a way to assign a different security context to
different nodes under /proc/pid, so they all inherit the context of the
associated task at present.  Hence, the inode permission checks can't
distinguish between loginuid and some other node under /proc/pid for the
same task.  The /proc/pid/attr nodes can be further mediated by the
[gs]etprocattr hooks, and SELinux does apply a separate check for them. 
I agree that distinguishing setting of the loginuid from complete
control of the audit framework would be useful, but it should be easy to
replace your capable call with a LSM hook in the future.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]