[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] collect security labels on user processes generating audit messages



On Wed, 8 Feb 2006, Timothy R. Chavez wrote:

> 1) A new SELinux interface was introduced to give other parts of the
> kernel the ability to resolve 'sids' into security labels.  

Please look at the way I intend to export SELinux APIs in:
http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-selinux-exports.patch

> +++ b/include/linux/netlink.h
> @@ -143,6 +143,7 @@ struct netlink_skb_parms
>  	__u32			dst_group;
>  	kernel_cap_t		eff_cap;
>  	__u32			loginuid;	/* Login (audit) uid */
> +	__u32			secid;		/* SELinux security id */
>  };

You also need to verify the policy serial number.

I wonder if it might be better to use the security context directly.


> @@ -460,11 +464,26 @@ static int audit_receive_msg(struct sk_b
>  			err = 0;
>  			ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
>  			if (ab) {
> +				len = selinux_sid_to_context(sid, NULL, 0);

This is embedding SELinux specific code into the audit code.  I think you 
need to add some audit/SELinux glue code which disappears if SELinux is 
not enabled.

> +	NETLINK_CB(skb).secid = security_task_getsid(current);

security_task_getsid() doesn't exist.

You created security_task_getsecurity(), which retrieves the security
context.



- James
-- 
James Morris
<jmorris redhat com>




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]