Sorry, I wasn't thinking in my initial response. These operations are exported via netlink, which is async, right? Hence, permission checks based on current, including the existing capable() checks, are bogus; you would be checking in the receiving context, not necessarily the sending context. Sending context is not conveyed at present via netlink_skb_parms (no security field) other than uid and capability set.

You can perform checks upon netlink_send; see what SELinux does there. SELinux policy already governs ability to create and use netlink_audit_sockets and maps the netlink operations to read or write flows, but doesn't offer any finer granularity than that.

--
Stephen Smalley <sds@private>
National Security Agency
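The sender-versus-receiver mismatch described in the message above, as an added example that is not part of the original post and is not kernel code. It is a user-space toy model: every name in it (`model_send`, `check_current`, `check_sender`, `CAP_MODEL_ADMIN`) is hypothetical, and it assumes the message is processed while a different context is running than the one that sent it.

```c
/* Toy user-space model, not kernel code: all names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CAP_MODEL_ADMIN (1u << 0)          /* constructed capability bit */

struct task  { uint32_t uid, eff_cap; };    /* a running context */
struct parms { uint32_t uid, eff_cap; };    /* sender uid + capability set, copied at send */
struct msg   { struct parms creds; int op; };

static const struct task *cur;              /* stand-in for "current" */

/* Send side: snapshot the sender's credentials into the message. */
static struct msg model_send(int op) {
    struct msg m = { { cur->uid, cur->eff_cap }, op };
    return m;
}

/* Flawed receive-side check: consults whoever is running at receive time. */
static bool check_current(const struct msg *m) {
    (void)m;
    return (cur->eff_cap & CAP_MODEL_ADMIN) != 0;
}

/* Receive-side check against the credentials captured at send time. */
static bool check_sender(const struct msg *m) {
    return (m->creds.eff_cap & CAP_MODEL_ADMIN) != 0;
}

/* Queue a message as `sender`, process it later as `receiver`.
 * Returns bit 0 = check_current allowed, bit 1 = check_sender allowed. */
static int deliver(const struct task *sender, const struct task *receiver) {
    cur = sender;
    struct msg m = model_send(1);
    cur = receiver;                         /* async: the running context has changed */
    return (check_current(&m) ? 1 : 0) | (check_sender(&m) ? 2 : 0);
}

static const struct task unpriv = { 1000, 0 };               /* constructed sample tasks */
static const struct task priv   = { 0, CAP_MODEL_ADMIN };

int main(void) {
    printf("unpriv sender, priv receiver:   %d\n", deliver(&unpriv, &priv));
    printf("priv sender,   unpriv receiver: %d\n", deliver(&priv, &unpriv));
    return 0;
}
```

A result of 1 means the receive-time check allowed a request that the sender's own credentials would not have permitted; 2 means it refused one the sender was entitled to.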
This archive was generated by hypermail 2.1.3 : Wed Sep 15 2004 - 11:57:01 PDT