path: root/include/linux/capability.h
author: Serge Hallyn <hallyn@cs.wm.edu> 2005-01-20 15:51:22 -0800
committer: Linus Torvalds <torvalds@ppc970.osdl.org> 2005-01-20 15:51:22 -0800
commit: f2840fccfd30c7776d1b9bc877d3693bce2429be
tree: 5a3ece61aa18517202a8400912f67d7ce6e5882a /include/linux/capability.h
parent: fe00c037355a517b69608371479add1b68043127
[PATCH] Fix audit control message checks
The audit control messages are sent over netlink. Permission checks are done on the process receiving the message, which may not be the same as the process sending the message. This patch switches the netlink_send security hooks to calculate the effective capabilities based on the sender. Then audit_receive_msg performs capability checks based on that.

It also introduces the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities, and replaces the previous CAP_SYS_ADMIN checks in audit code with the appropriate checks.

- Simplified dummy_netlink_send given that dummy now keeps track of capabilities.
- Many fixes based on feedback from <linux-audit@redhat.com> list.
- Removed the netlink_msg_type helper function.
- Switch to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL.

Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Diffstat (limited to 'include/linux/capability.h')
-rw-r--r-- include/linux/capability.h 4
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index c96e7b624fce..5df11c20ed26 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -284,6 +284,10 @@ typedef __u32 kernel_cap_t;
#define CAP_LEASE 28
+#define CAP_AUDIT_WRITE 29
+
+#define CAP_AUDIT_CONTROL 30
+
#ifdef __KERNEL__
/*
* Bounding set
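Review bot: The two added defines, CAP_AUDIT_WRITE (29) and CAP_AUDIT_CONTROL (30), have no comment in the header saying which operations each one gates, so a reader of capability.h cannot tell what separates them without going to the audit code. Suggest a one-line comment above each define stating what it permits, matching the commit message's description of them replacing the CAP_SYS_ADMIN checks in audit code. A second point on the same lines: the hunk header shows kernel_cap_t as a __u32, and if each capability number maps to one bit of that value, assigning 29 and 30 leaves only 31 free, which is worth flagging in the header before the next capability is proposed.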