[RFC][PATCH] loginuid through procfs (+ a question)

Stephen Smalley sds at epoch.ncsc.mil
Thu Jan 27 17:44:19 UTC 2005


On Thu, 2005-01-27 at 13:39, Serge Hallyn wrote:
> Are you considering posting a patch to convert the CAP_AUDIT_* checks
> with lsm hooks?  The other audit actions can still be distinguished
> (though not as nicely) through selinux_netlink_send, but as you say, not
> setting and reading loginuid, which I think could only be done through
> policy at the moment.

There isn't presently a way to assign a different security context to
different nodes under /proc/pid, so they all inherit the context of the
associated task at present.  Hence, the inode permission checks can't
distinguish between loginuid and some other node under /proc/pid for the
same task.  The /proc/pid/attr nodes can be further mediated by the
[gs]etprocattr hooks, and SELinux does apply a separate check for them. 
I agree that distinguishing setting of the loginuid from complete
control of the audit framework would be useful, but it should be easy to
replace your capable call with a LSM hook in the future.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the Linux-audit mailing list