[PATCH 0/5] audit: add restricted capability read-only netlink multicast socket

From: Richard Guy Briggs
Date: Wed Feb 19 2014 - 13:09:20 EST


Hi,

This patch set adds a restricted capability read-only netlink multicast socket
to kaudit to enable userspace clients such as systemd to consume audit logs, in
addition to the existing bidirectional auditd userspace client.

Currently, auditd has the CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE capabilities
(both use CAP_NET_ADMIN). The CAP_AUDIT_READ capability will be added for use
by read-only AUDIT_NLGRP_READLOG multicast group clients to the kaudit
subsystem.

This is accomplished by modifying the optional netlink per-protocol bind
function to return an error code.

https://bugzilla.redhat.com/show_bug.cgi?id=887992

It needs a bit of massage to get past checkpatch.pl...

First posted: https://www.redhat.com/archives/linux-audit/2013-January/msg00008.html
https://lkml.org/lkml/2013/1/27/279

Richard Guy Briggs (5):
audit: move kaudit thread start from auditd registration to kaudit init
netlink: have netlink per-protocol bind function return an error code.
audit: add netlink audit protocol bind to check capabilities on multicast join
audit: add netlink multicast group for log read
audit: send multicast messages only if there are listeners

include/linux/netlink.h | 2 +-
include/uapi/linux/audit.h | 8 ++++
include/uapi/linux/capability.h | 7 +++-
kernel/audit.c | 66 +++++++++++++++++++++++++++++-----
net/netfilter/nfnetlink.c | 6 ++-
net/netlink/af_netlink.c | 30 +++++++++-------
net/netlink/af_netlink.h | 4 +-
security/selinux/include/classmap.h | 2 +-
8 files changed, 95 insertions(+), 30 deletions(-)
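An added example of the client side this cover letter describes (it is not part of the patch set, nor code from the kernel, auditd or systemd): a read-only consumer that opens a NETLINK_AUDIT socket, joins the AUDIT_NLGRP_READLOG multicast group and parses the records it receives. It assumes the group number the series adds to include/uapi/linux/audit.h is 1 (used only as a fallback define when the installed header predates the series), and the sample record used to exercise the parser is constructed, not captured from a real system.

```c
/* Added example: read-only consumer of the AUDIT_NLGRP_READLOG multicast
 * group. Not part of the patch set; shows what a client such as systemd
 * would do against a kernel carrying this series. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/audit.h>

/* Assumption: a uapi header without this series lacks the group name; the
 * value used here is the one the series adds to include/uapi/linux/audit.h. */
#ifndef AUDIT_NLGRP_READLOG
#define AUDIT_NLGRP_READLOG 1
#endif
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif

struct audit_record {
	unsigned int type;	/* nlmsg_type, e.g. AUDIT_SYSCALL (1300) */
	char text[4096];	/* NUL-terminated copy of the record payload */
};

/* Open a NETLINK_AUDIT socket and join the read-only multicast group.
 * With this series the capability check runs at the join: a caller lacking
 * CAP_AUDIT_READ fails here with errno == EPERM instead of silently receiving
 * nothing later. Returns the fd, or -1 with errno set. */
int open_audit_readlog(void)
{
	int grp = AUDIT_NLGRP_READLOG;
	struct sockaddr_nl sa = { .nl_family = AF_NETLINK, .nl_groups = 0 };
	int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);

	if (fd < 0)
		return -1;
	if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
	    setsockopt(fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &grp, sizeof(grp)) < 0) {
		int saved = errno;
		close(fd);
		errno = saved;
		return -1;
	}
	return fd;
}

/* Copy the first complete netlink message in buf into *rec. Returns the
 * aligned byte count consumed, or -1 if buf holds no complete message (short
 * read, truncated header, or nlmsg_len larger than the buffer). Pure, so it
 * can be exercised on a constructed buffer without a socket. */
ssize_t parse_audit_record(const void *buf, size_t len, struct audit_record *rec)
{
	const struct nlmsghdr *nlh = buf;
	size_t payload;

	if (len > INT_MAX || !NLMSG_OK(nlh, (int)len))
		return -1;
	payload = nlh->nlmsg_len - NLMSG_HDRLEN;
	if (payload >= sizeof(rec->text))
		payload = sizeof(rec->text) - 1;	/* clamp oversized records */
	rec->type = nlh->nlmsg_type;
	memcpy(rec->text, NLMSG_DATA(nlh), payload);
	rec->text[payload] = '\0';
	return (ssize_t)NLMSG_ALIGN(nlh->nlmsg_len);
}

/* Build one netlink message carrying text into out (used to construct a
 * sample record for the parser; not captured from a real system). Returns
 * the aligned size written, or 0 if cap is too small. */
size_t build_record(char *out, size_t cap, unsigned int type, const char *text)
{
	size_t plen = strlen(text);
	size_t need = NLMSG_SPACE(plen);
	struct nlmsghdr *nlh = (struct nlmsghdr *)out;

	if (need > cap)
		return 0;
	memset(out, 0, need);
	nlh->nlmsg_len = NLMSG_LENGTH(plen);
	nlh->nlmsg_type = type;
	memcpy(NLMSG_DATA(nlh), text, plen);
	return need;
}

int main(void)
{
	char buf[8192];
	struct audit_record rec;
	int fd = open_audit_readlog();

	if (fd < 0) {
		/* EPERM here means the join was refused: CAP_AUDIT_READ is missing. */
		fprintf(stderr, "join AUDIT_NLGRP_READLOG: %s\n", strerror(errno));
		return 1;
	}
	for (;;) {
		ssize_t n = recv(fd, buf, sizeof(buf), 0), off = 0;
		if (n < 0) {
			perror("recv");
			break;
		}
		while (off < n) {
			ssize_t used = parse_audit_record(buf + off, (size_t)(n - off), &rec);
			if (used < 0)
				break;
			printf("type=%u %s\n", rec.type, rec.text);
			off += used;
		}
	}
	close(fd);
	return 0;
}
```

Run it as an unprivileged user against a kernel with the series applied and the join is the point of failure, which is the behaviour the third patch in the list is about; run it with CAP_AUDIT_READ (or as root) and it prints each record's nlmsg_type and text as kaudit multicasts them. A recv() that returns several messages in one datagram is handled by the inner loop, which advances by the aligned length the parser returns.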
