Steve Grubb wrote:
On Tuesday 23 May 2006 18:20, Michael C Thompson wrote:
socket_has_perm returns 0,

This function is not exactly the one I was after..

static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
<snip>
        err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
        if (err) {
<snip>
                goto out;
        }

        err = socket_has_perm(current, sock, perm);
out:
        return err;
}

Socket_has_perm has the second vote. This function in turn gets called by selinux_netlink_send, so that is probably the best place to hook.

I do not see this function getting hit with 'auditctl -l'.

If you have any possible fixes, I'll gladly test them, but currently,
I'm at a loss for time and can't continue.

I guess I'll put the hooks in the next kernel and let you test them.

Send 'em my way :)

Thanks,
Mike

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
