From: Steve Grubb
Subject: Re: audit 1.2.2 released
Date: Wed, 24 May 2006 09:04:15 -0400
Message-ID: <200605240904.15987.sgrubb@redhat.com>
References: <200605121726.32952.sgrubb@redhat.com> <4473374C.8030902@us.ibm.com> <44738AA0.50006@us.ibm.com>
In-Reply-To: <44738AA0.50006@us.ibm.com>
To: Michael C Thompson
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tuesday 23 May 2006 18:20, Michael C Thompson wrote:
> socket_has_perm returns 0,

This function is not exactly the one I was after..

3387 static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
3388 {
3401         err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
3402         if (err) {
3415                 goto out;
3416         }
3417
3418         err = socket_has_perm(current, sock, perm);
3419 out:
3420         return err;
3421 }

Socket_has_perm has the second vote. This function in turn gets called by
selinux_netlink_send, so that is probably the best place to hook.

> If you have any possible fixes, I'll gladly test them, but currently,
> I'm at a loss for time and can't continue.

I guess I'll put the hooks in the next kernel and let you test them.

-Steve