* Stephen Smalley ([EMAIL PROTECTED]) wrote: > On Sat, 2005-01-15 at 15:07, Serge E. Hallyn wrote: > > The audit control messages are sent over netlink. Permission checks > > are done on the process receiving the message, which may not be the > > same as the process sending the message. This patch switches the > > netlink_send security hooks to calculate the effective capabilities > > based on the sender. Then audit_receive_msg performs capability checks > > based on that. > > > > It also introduces the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities, > > and replaces the previous CAP_SYS_ADMIN checks in audit code with the > > appropriate checks. > > > > Please apply. > > > > Changelog: > > 1/15/2005: Simplified dummy_netlink_send given that dummy now > > keeps track of capabilities. > > 1/14/2005: Many fixes based on feedback from [EMAIL PROTECTED] > > list. > > 1/14/2005: Removed the netlink_msg_type helper function. > > 1/07/2005: Swith to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL. > > > > thanks, > > -serge > > > > Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]> > > Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]>
Signed-off-by: Chris Wright <[EMAIL PROTECTED]> thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
