From: Patrick McHardy <kaber@trash.net>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Linux Audit Discussion <linux-audit@redhat.com>,
"Serge E. Hallyn" <serue@us.ibm.com>,
netdev@oss.sgi.com, davem@davemloft.net, kuznet@ms2.inr.ac.ru
Subject: Re: [PATCH] Add audit uid to netlink credentials
Date: Wed, 09 Feb 2005 15:10:08 +0100
Message-ID: <420A19C0.4070402@trash.net>
In-Reply-To: <1107956079.17568.42.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley wrote:
>On Tue, 2005-02-08 at 01:04, Patrick McHardy wrote:
>
>
>>Reception of netlink messages in the kernel happens in the context
>>of the sending process, so you can simply call
>>audit_get_loginuid(current->audit_context) in audit_receive_msg().
>>
>>
>
>Then why does netlink_sendmsg() need to save the effective capability
>set of the sender in the control buffer (via security_netlink_send) for
>later checking by other receive functions in the kernel (via
>security_netlink_recv)?
>

It looks like it doesn't need to, I guess it was copied from
netlink_sendmsg.

netlink transmission to userspace is asynchronous, some values need to be
saved, but userspace->kernel transmission is synchronous.

>What prevents audit_receive() or other similar
>receive functions in the kernel from processing messages sent by
>multiple senders?
>

Multiple messages from multiple senders are handled by multiple calls to
the input function. Check netlink_kernel_create() and netlink_data_ready().

Regards
Patrick