Re: LSM stacker update

From: Stephen Smalley (sds@private)
Date: Wed Feb 02 2005 - 07:03:20 PST

Previous message: Serge Hallyn: "Re: LSM stacker update"
In reply to: Serge Hallyn: "Re: LSM stacker update"
Next in thread: Casey Schaufler: "Re: LSM stacker update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Wed, 2005-02-02 at 11:24, Serge Hallyn wrote:
> So could selinux do the authorization check and avc_audit in
> netlink_send, as you had suggested some time ago?

SELinux will do that for its fine-grained netlink permission checks, but
the determination of whether or not CAP_NET_ADMIN (or the audit
capabilities) are required is presently handled in the receiver side
code, not by SELinux.

-- 
Stephen Smalley <sds@private>
National Security Agency

Previous message: Serge Hallyn: "Re: LSM stacker update"
In reply to: Serge Hallyn: "Re: LSM stacker update"
Next in thread: Casey Schaufler: "Re: LSM stacker update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Wed Feb 02 2005 - 07:10:08 PST