Re: [PATCH] Add audit uid to netlink credentials

netdev

Re: [PATCH] Add audit uid to netlink credentials

To:	Stephen Smalley <sds@xxxxxxxxxxxxxx>
Subject:	Re: [PATCH] Add audit uid to netlink credentials
From:	Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>
Date:	Wed, 9 Feb 2005 17:19:46 +0300
Cc:	Linux Audit Discussion <linux-audit@xxxxxxxxxx>, "Serge E. Hallyn" <serue@xxxxxxxxxx>, netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=s1024; d=ms2.inr.ac.ru; b=e2eNsy0m7DMIFDn5T451MTgqFLTsLrUM06Ycc8Q4HV2Rq8MXAZSLcS5dwo+Sl3atI3Y3rUBWjBL3djrK1oTPsK/choKRhdGziHOS33kwCLyEyvnFOTW4osrqGC0tE5aSd+7NrqKbub+EcHYysRjzaIYF0n6AZKlbA6JXgnM8IUU=;
In-reply-to:	<1107956079.17568.42.camel@moss-spartans.epoch.ncsc.mil>
References:	<20050204165840.GA2320@IBM-BWN8ZTBWA01.austin.ibm.com> <Pine.LNX.4.62.0502080658310.32526@kaber.coreworks.de> <1107956079.17568.42.camel@moss-spartans.epoch.ncsc.mil>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.6i

Hello!

> > Reception of netlink messages in the kernel happens in the context
> > of the sending process, so you can simply call
> > audit_get_loginuid(current->audit_context) in audit_receive_msg().
> 
> Then why does netlink_sendmsg() need to save the effective capability

Yes, when kernel receives a message, it can be processed in context
of another process. This happens with rtnetlink, which queues messages
when someone holds netadmin semaphore and processing of backlog happens
in context of process which holds the semaphore.

Unfortunately, audit uses the same twisted way. Actually, if people
expected synchronous processing, it is better to replace

if (down_trylock(&audit_netlink_sem))
        return;

with plain down(&audit_netlink_sem);

Alexey

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] Add audit uid to netlink credentials, Serge E. Hallyn Re: [PATCH] Add audit uid to netlink credentials, Patrick McHardy Re: [PATCH] Add audit uid to netlink credentials, Stephen Smalley Re: [PATCH] Add audit uid to netlink credentials, Patrick McHardy Re: [PATCH] Add audit uid to netlink credentials, Alexey Kuznetsov <= Re: [PATCH] Add audit uid to netlink credentials, Alexey Kuznetsov Re: [PATCH] Add audit uid to netlink credentials, Patrick McHardy Re: [PATCH] Add audit uid to netlink credentials, Stephen Smalley Re: [PATCH] Add audit uid to netlink credentials, David Woodhouse Re: [PATCH] Add audit uid to netlink credentials, Serge Hallyn Re: [PATCH] Add audit uid to netlink credentials, Stephen Smalley Re: [PATCH] Add audit uid to netlink credentials, Chris Wright Re: [PATCH] Add audit uid to netlink credentials, Stephen Smalley Re: [PATCH] Add audit uid to netlink credentials, Chris Wright Re: [PATCH] Add audit uid to netlink credentials, David Woodhouse

Previous by Date:	Re: [PATCH] Add audit uid to netlink credentials, David Woodhouse
Next by Date:	Re: [PATCH] Add audit uid to netlink credentials, Serge Hallyn
Previous by Thread:	Re: [PATCH] Add audit uid to netlink credentials, Patrick McHardy
Next by Thread:	Re: [PATCH] Add audit uid to netlink credentials, Alexey Kuznetsov
Indexes:	[Date] [Thread] [Top] [All Lists]