Re: LSM stacker update

From: Stephen Smalley (sds@private)
Date: Wed Feb 02 2005 - 06:10:54 PST


On Wed, 2005-02-02 at 08:50, Stephen Smalley wrote:
> Actually, on second thought, I wonder if selinux_netlink_recv should be
> calling avc_audit() upon a denial, as otherwise we will see no audit
> message for a denial even if it is caused by the SELinux computation in
> selinux_netlink_send.  Similar issue for the audit subsystem's
> capability checks on the receiver side.

Hmmm...except that we won't have the sender's SID available to us in
selinux_netlink_recv(), so auditing would just occur in the receiver's
context, possibly incorrectly.

-- 
Stephen Smalley <sds@private>
National Security Agency


