audit capability checks not audited

Chris Wright chrisw at osdl.org
Tue May 17 17:40:27 UTC 2005


* David Woodhouse (dwmw2 at infradead.org) wrote:
> On Tue, 2005-05-17 at 08:27 -0400, Stephen Smalley wrote:
> > I know there was an earlier rfc/patch by Chris to allow moving the
> > netlink message checking to the send side via a new callback, which
> > would allow us to perform a traditional capable() call rather than a
> > direct cap_raised() test and thus have the usual auditing behavior for
> > SELinux there.  Is that stalled?
> 
> It was decided at the time that there was insufficient reason to make
> such a change. I don't remember whether Chris had updated and completed
> the patch by then or not; I suspect not.

I did not update it beyond the patch I sent before I left for Cambridge.
We talked about leaving it as is and putting the loginuid directly into
netlink_skb_parms.  I can dust it off and resend if it's useful.

thanks,
-chris



