
Re: [RFC][PATCH] loginuid through procfs (+ a question)

Stephen Smalley wrote:
On Thu, 2005-01-27 at 13:39, Serge Hallyn wrote:

Are you considering posting a patch to convert the CAP_AUDIT_* checks
with lsm hooks?  The other audit actions can still be distinguished
(though not as nicely) through selinux_netlink_send, but as you say, not
setting and reading loginuid, which I think could only be done through
policy at the moment.

I agree that distinguishing setting of the loginuid from complete
control of the audit framework would be useful, but it should be easy to
replace your capable call with a LSM hook in the future.

I think this may be something we should look at after this patch goes
upstream. The current functionality of the patch is important and we should
probably work on getting this in as soon as possible. Changing to an LSM hook
which will require CAP_AUDIT_CONTROL in the capability and dummy module will
not change the behavior.

I do think we will want an LSM hook for setting the loginid in the future.
Since all of the other actions mediated by CAP_AUDIT_CONTROL can be
distinguished in a roundabout way through an access check based on the msg type
at the netlink_send hook, there is no need to add LSM hooks for these actions.
I would still be in favor of this, however, because it would make the controls
much more straightforward.
