Message-Id: <cover.1392831003.git.rgb@redhat.com>
Date:	Wed, 19 Feb 2014 13:08:18 -0500
From:	Richard Guy Briggs <rgb@...hat.com>
To:	netdev@....sgi.com, davem@...emloft.net, linux-audit@...hat.com,
	linux-kernel@...r.kernel.org
Cc:	Richard Guy Briggs <rgb@...hat.com>,
	Eric Paris <eparis@...hat.com>, Steve Grubb <sgrubb@...hat.com>
Subject: [PATCH 0/5] audit: add restricted capability read-only netlink multicast socket

Hi,

This patch set adds a restricted capability read-only netlink multicast socket
to kaudit to enable userspace clients such as systemd to consume audit logs, in
addition to the existing bidirectional auditd userspace client.

Currently, auditd has the CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE capabilities
(both use CAP_NET_ADMIN).  The CAP_AUDIT_READ capability will be added for use
by read-only AUDIT_NLGRP_READLOG multicast group clients to the kaudit
subsystem.

This is accomplished by modifying the optional netlink per-protocol bind
function to return an error code.

https://bugzilla.redhat.com/show_bug.cgi?id=887992

It needs a bit of massage to get past checkpatch.pl...

First posted:	https://www.redhat.com/archives/linux-audit/2013-January/msg00008.html
		https://lkml.org/lkml/2013/1/27/279

Richard Guy Briggs (5):
  audit: move kaudit thread start from auditd registration to kaudit
    init
  netlink: have netlink per-protocol bind function return an error
    code.
  audit: add netlink audit protocol bind to check capabilities on
    multicast join
  audit: add netlink multicast group for log read
  audit: send multicast messages only if there are listeners

 include/linux/netlink.h             |    2 +-
 include/uapi/linux/audit.h          |    8 ++++
 include/uapi/linux/capability.h     |    7 +++-
 kernel/audit.c                      |   66 +++++++++++++++++++++++++++++-----
 net/netfilter/nfnetlink.c           |    6 ++-
 net/netlink/af_netlink.c            |   30 +++++++++-------
 net/netlink/af_netlink.h            |    4 +-
 security/selinux/include/classmap.h |    2 +-
 8 files changed, 95 insertions(+), 30 deletions(-)

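As an added example (not code from this patch set or from the kernel), this is how a read-only userspace consumer would join the AUDIT_NLGRP_READLOG group the cover letter describes, and how it should interpret the EPERM that the per-protocol bind check returns when the caller lacks CAP_AUDIT_READ. The fallback group value of 1 is an assumption for headers that predate the merged change.

```c
/* Added example (not the patch set's code): read-only audit consumer joining AUDIT_NLGRP_READLOG. */
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/audit.h>

#ifndef AUDIT_NLGRP_READLOG /* assumed value 1 (merged kernel headers) if the local ones predate it */
#define AUDIT_NLGRP_READLOG 1
#endif

/* Open a NETLINK_AUDIT socket and join the read-only multicast group. Returns 0 with the
 * fd in *fd_out, or the errno of the failing call. With the per-protocol bind hook the
 * kernel answers EPERM when the caller lacks CAP_AUDIT_READ; no write/control cap is needed. */
int join_audit_readlog_group(int *fd_out)
{
    int fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT);
    if (fd < 0)
        return errno;
    int grp = AUDIT_NLGRP_READLOG;
    if (setsockopt(fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &grp, sizeof grp) < 0) {
        int err = errno;
        close(fd);
        return err;
    }
    *fd_out = fd;
    return 0;
}

/* Probe whether this process may listen: 0 if allowed, else the (non-negative) errno. */
int probe_audit_readlog_access(void)
{
    int fd, err = join_audit_readlog_group(&fd);
    if (err == 0)
        close(fd);
    return err;
}

/* Operator-facing meaning of a join result. */
const char *describe_join_result(int err)
{
    switch (err) {
    case 0:               return "joined AUDIT_NLGRP_READLOG: audit records will arrive here";
    case EPERM:           return "join refused: caller lacks CAP_AUDIT_READ";
    case EINVAL:          return "group not registered: this kernel has no read-only audit group";
    case EPROTONOSUPPORT: return "NETLINK_AUDIT unavailable: kernel built without audit";
    default:              return strerror(err);
    }
}
```

A listener that joins successfully receives copies of every record auditd gets, without being able to change audit rules or inject records, which is the point of separating CAP_AUDIT_READ from the existing capabilities.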
