Re: Thoughts on the "No Linux Security Modules framework" old claims

From: Valdis . Kletnieks
Date: Tue Feb 15 2005 - 23:23:39 EST

Previous message: Stephen Evanchik: "Re: PATCH 2.6.11-rc4]: IBM TrackPoint configuration support"
In reply to: Lorenzo Hernández García-Hierro: "Thoughts on the "No Linux Security Modules framework" old claims"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 15 Feb 2005 23:38:09 +0100, Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?= =?ISO-8859-1?Q?Garc=EDa-Hierro?= said:

> Yes, and that's noticed from the "official" documentation.
> But, who says that we can't place auditing facilities inside the
> existing hooks? or even file system linking related tweaks?

Many auditing policies require an audit event to be generated if the operation
is rejected by *either* the DAC (as implemented by the file permissions
and possibly ACLs) *or* the MAC (as implemented by the LSM exit). However,
in most (all?) cases, the DAC check is made *first*, and the LSM exit isn't
even called if the DAC check fails. As a result, if you try to open() a file
and get -EPERM due to the file permissions, the LSM exit isn't called and
you can't cut an audit record there.

Attachment: pgp00000.pgp
Description: PGP signature

Previous message: Stephen Evanchik: "Re: PATCH 2.6.11-rc4]: IBM TrackPoint configuration support"
In reply to: Lorenzo Hernández García-Hierro: "Thoughts on the "No Linux Security Modules framework" old claims"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]