On Wed, 2004-09-15 at 09:59, Serge Hallyn wrote:
> Attached is a patch which provides LSM controls over actions related to
> the new audit framework. As a specific example, we might like to have
> an "audit role", enabled by selinux or some other LSM, which would be
> the only role allowed to add or delete filter rules.
>
> What do people think about adding these hooks, both in general and these
> hooks specifically?
In general: good idea. Specifically:
case AUDIT_SET:
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
+ err = security_audit_set(status_get->mask);
+ if (err)
+ return err;
status_get = (struct audit_status *)data;
Hook is called _before_ setting of status_get? And what checks that the
data length is at least sizeof(struct audit_status)? Looks like the
existing code is assuming that the caller didn't send a short message.
@@ -364,8 +365,9 @@ static int audit_receive_msg(struct sk_b
audit_log_end(ab);
break;
case AUDIT_LOGIN:
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
+ err = security_audit_login();
+ if (err)
+ return err;
login = (struct audit_login *)data;
ab = audit_log_start(NULL);
if (ab) {
Why not call the hook after extracting the data (and again, checking the
length) and pass the audit_login info to the hook.
I would also suggest a hook on AUDIT_USER.
--
Stephen Smalley <sds@private>
National Security Agency
This archive was generated by hypermail 2.1.3 : Wed Sep 15 2004 - 08:04:38 PDT