On Mon, 6 Dec 2004, Chris Wright wrote:
> * Adrian Drzewiecki (z@private) wrote:
[snip]
> > +static inline void security_audit_syscall(struct task_struct *p, void
> > *regs, int entryexit)
> > +{
> > + security_ops->audit_syscall(p, regs, entryexit);
> > +}
> > +
>
> So, with CONFIG_SECURITY this will call into security modules.
[snip]
> > +static inline void security_audit_syscall(struct task_struct *p, void
> > *regs, int entryexit)
> > +{
> > +#ifdef HAVE_ARCH_AUDIT_SYSCALL
> > + audit_syscall(p, regs, entryexit);
> > +#endif
> > +}
>
> And w/out it's only calling arch specific code.
>
> > +static void dummy_audit_syscall(struct task_struct *p, void *regs, int
> > entryexit)
> > +{
> > +#ifdef HAVE_ARCH_AUDIT_SYSCALL
> > + audit_syscall(p, regs, entryexit);
> > +#endif
> > +}
[snip]
> And nothing for capability, so it's expected to pick up default from
> dummy stub?
>
> thanks,
> -chris
Not necessarily. audit_syscall() is not a capability check. A new LSM
is expected to call audit_syscall() from its security_ops->audit_syscall()
hook, if the standard syscall auditing is to be preserved. This is another
reason why the arch portion of the code does EXPORT_SYMBOL_GPL(audit_syscall).
(oops, just noticed that my UM arch patch didn't do that...)
--
Adrian Drzewiecki
z@private
This archive was generated by hypermail 2.1.3 : Tue Dec 07 2004 - 10:45:19 PST