[RFC][PATCH] loginuid through procfs (+ a question)
Stephen Smalley
sds at epoch.ncsc.mil
Thu Jan 27 17:44:19 UTC 2005
On Thu, 2005-01-27 at 13:39, Serge Hallyn wrote:
> Are you considering posting a patch to convert the CAP_AUDIT_* checks
> with lsm hooks? The other audit actions can still be distinguished
> (though not as nicely) through selinux_netlink_send, but as you say, not
> setting and reading loginuid, which I think could only be done through
> policy at the moment.
There isn't presently a way to assign a different security context to
different nodes under /proc/pid, so they all inherit the context of the
associated task at present. Hence, the inode permission checks can't
distinguish between loginuid and some other node under /proc/pid for the
same task. The /proc/pid/attr nodes can be further mediated by the
[gs]etprocattr hooks, and SELinux does apply a separate check for them.
I agree that distinguishing setting of the loginuid from complete
control of the audit framework would be useful, but it should be easy to
replace your capable call with a LSM hook in the future.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the Linux-audit
mailing list