On Wed, 2007-07-25 at 13:19 -0700, Casey Schaufler wrote:
> I'm looking at getting audit into my Smack LSM module.
> Stephen Smalley has suggested, and I concur, that this
> may be the time to convert audit from using SELinux
> specific interfaces to LSM based interfaces.
>
> Before I start blasting away with patches, I want to
> check and see if anyone else is looking into this.
> There's a good chunk of work to be done for LSM, audit,
> SELinux, and Smack.

Also netlink, if you need/want to be able to save the sending task's
label at send time for later use for permission checking and auditing at
receive time. At present, netlink_sendmsg() calls
selinux_get_task_sid() to save the sending task SID in the
netlink_skb_parms struct, and that SID is later extracted by
selinux_netlink_recv and audit_receive_msg. That parallels what happens
with the eff_cap set and the loginuid.

> I also want to be sure that no one
> will take umbrage with the notion.

At some point, objections may arise that the changes are too invasive or
costly, or that they aren't justified until such a time as it is shown
that smack or another user is actually going to be merged. But in
abstract, I don't have a problem with converting these over to using LSM
hooks (as long as LSM remains). What makes it a little harder is that
smack has no equivalent to a sid/secid, just the full labels (albeit
those are small and fixed size).

--
Stephen Smalley
National Security Agency

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
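A userspace model of the send-time snapshot described in the reply above, added here as an example; it is not kernel code and not code from either poster. The label-to-secid interning table is one assumed way to carry a small fixed-size label in a numeric field, and every name in it (`label_to_secid`, `msg_parms`, `model_send`, `model_recv_permitted`) is hypothetical.

```c
/* Userspace model only: hypothetical names, not kernel code. */
#include <stdint.h>
#include <string.h>

#define LABEL_LEN  8   /* assumed: labels are small and fixed size */
#define MAX_LABELS 16
static char label_table[MAX_LABELS][LABEL_LEN];
static uint32_t label_count;

/* Intern a label; returns a non-zero secid, or 0 if it cannot be stored. */
uint32_t label_to_secid(const char *label) {
    if (strlen(label) >= LABEL_LEN)
        return 0;
    for (uint32_t i = 0; i < label_count; i++)
        if (strcmp(label_table[i], label) == 0)
            return i + 1;
    if (label_count == MAX_LABELS)
        return 0;
    strcpy(label_table[label_count], label);
    return ++label_count;
}

/* Map a secid back to its label for audit output; NULL if unknown. */
const char *secid_to_label(uint32_t secid) {
    return (secid >= 1 && secid <= label_count) ? label_table[secid - 1] : NULL;
}

struct task      { char label[LABEL_LEN]; uint32_t loginuid; };
struct msg_parms { uint32_t secid; uint32_t loginuid; };  /* travels with the message */

/* Send side: snapshot the sender's label and loginuid into the message. */
int model_send(const struct task *sender, struct msg_parms *out) {
    out->secid = label_to_secid(sender->label);
    out->loginuid = sender->loginuid;
    return out->secid ? 0 : -1;
}

/* Receive side: check the snapshot, not the sender's current state. */
int model_recv_permitted(const struct msg_parms *p, const char *required) {
    const char *label = secid_to_label(p->secid);
    return label != NULL && strcmp(label, required) == 0;
}

int main(void) {
    struct task t = { "audit", 500 };   /* constructed sample sender */
    struct msg_parms m;
    model_send(&t, &m);
    strcpy(t.label, "user");            /* sender relabels before delivery */
    return model_recv_permitted(&m, "audit") ? 0 : 1;
}
```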
