From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: [PATCH RFC 8/8] audit: allow user records to be created inside a container
Date: Mon, 18 Mar 2013 14:28:16 -0700
Message-ID: <87ppyw9z4f.fsf@xmission.com>
References: <1363619405-6419-1-git-send-email-arozansk@redhat.com> <1363619405-6419-9-git-send-email-arozansk@redhat.com>
In-Reply-To: <1363619405-6419-9-git-send-email-arozansk@redhat.com> (Aristeu Rozanski's message of "Mon, 18 Mar 2013 11:10:05 -0400")
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Aristeu Rozanski
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Aristeu Rozanski writes:

> Since user events will be followed by namespace information, userspace
> can filter off undesired container records.

I don't think we want to allow any user to write to the audit records; that is what nsown_capable will allow, as all you would need to do is to unshare the user namespace to be able to write audit records.

Eric

> @@ -597,13 +612,13 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
> case AUDIT_TTY_SET:
> case AUDIT_TRIM:
> case AUDIT_MAKE_EQUIV:
> - if (!capable(CAP_AUDIT_CONTROL))
> + if (!nsown_capable(CAP_AUDIT_CONTROL))
> err = -EPERM;
> break;
> case AUDIT_USER:
> case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
> case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
> - if (!capable(CAP_AUDIT_WRITE))
> + if (!nsown_capable(CAP_AUDIT_WRITE))
> err = -EPERM;
> break;
> default: /* bad msg */
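Review bot: both `capable()` -> `nsown_capable()` substitutions in this audit_netlink_ok() hunk turn a privilege check into one any unprivileged process can pass, because nsown_capable() tests the capability in current_user_ns() and unshare(CLONE_NEWUSER) gives the caller a full capability set in the namespace it just created. The first branch is the worse of the two: AUDIT_TTY_SET, AUDIT_TRIM and AUDIT_MAKE_EQUIV act on the single global audit configuration, nothing in this hunk makes them per-namespace, so `if (!nsown_capable(CAP_AUDIT_CONTROL))` lets a user in a fresh user namespace trim the global rule tree or change TTY auditing; keep `if (!capable(CAP_AUDIT_CONTROL))` there. For the AUDIT_USER and AUDIT_FIRST_USER_MSG ... ranges, if records from containers are really wanted, keep the check against the initial user namespace (`capable(CAP_AUDIT_WRITE)`) and add an explicit, documented policy for which namespaces may write, rather than trusting whatever the caller unshared into; at minimum the hunk needs a comment saying why an audit daemon in the initial namespace should accept records from arbitrary user namespaces.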
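The objection above, as an added userspace check (this is example code written for this page, not code from the patch or from Eric's mail): the program reads its own CapEff from /proc/self/status, tries to inject an AUDIT_USER record over NETLINK_AUDIT, then calls unshare(CLONE_NEWUSER) and repeats both steps. On a kernel that checks capable(CAP_AUDIT_WRITE) against init_user_ns the record is rejected with EPERM after the unshare even for root; with the nsown_capable() check from the patch it would be accepted. The program is Linux-only and assumes the standard uapi headers (<linux/audit.h>, <linux/netlink.h>, <linux/capability.h>); the record text is constructed here. Note that the kernel's verdict arrives as an NLMSG_ERROR acknowledgement, not as a failure of sendto().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <linux/audit.h>
#include <linux/capability.h>
#include <linux/netlink.h>

/* Return 1 if capability number `cap` is set in a /proc/self/status
 * style hex mask such as "0000003fffffffff", else 0. */
int cap_in_mask(const char *hexmask, int cap)
{
    unsigned long long mask;
    if (cap < 0 || cap >= 64)
        return 0;
    mask = strtoull(hexmask, NULL, 16);
    return (int)((mask >> cap) & 1ULL);
}

/* Copy the hex digits of the CapEff line of /proc/self/status into `out`.
 * Returns 1 on success, 0 if the file or the line is unavailable. */
int read_cap_eff(char *out, size_t outlen)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int found = 0;
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *p = line + 7;
            while (*p == ' ' || *p == '\t')
                p++;
            snprintf(out, outlen, "%s", p);
            out[strcspn(out, "\n")] = '\0';
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Build an AUDIT_USER request carrying `text` at `nlh` (buffer of `buflen`
 * bytes). Returns the padded message size to hand to sendto(), 0 if the
 * buffer is too small. */
size_t build_audit_user_msg(struct nlmsghdr *nlh, size_t buflen, const char *text)
{
    size_t payload = strlen(text) + 1;        /* include the NUL */
    size_t total = NLMSG_SPACE(payload);
    if (total > buflen)
        return 0;
    memset(nlh, 0, total);
    nlh->nlmsg_len = NLMSG_LENGTH(payload);
    nlh->nlmsg_type = AUDIT_USER;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; /* ask for an explicit ack */
    nlh->nlmsg_seq = 1;
    memcpy(NLMSG_DATA(nlh), text, payload);
    return total;
}

/* Send one AUDIT_USER record to the kernel and return its verdict:
 * 0 if accepted, otherwise a negative errno (-EPERM when the permission
 * check in audit_netlink_ok() fails). The verdict is read from the
 * NLMSG_ERROR ack; sendto() itself succeeds either way. */
int try_audit_user(const char *text)
{
    union { struct nlmsghdr h; unsigned char raw[512]; } buf;
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK, .nl_pid = 0 };
    struct timeval tv = { .tv_sec = 2, .tv_usec = 0 };
    struct nlmsgerr *err;
    ssize_t n;
    size_t len = build_audit_user_msg(&buf.h, sizeof buf, text);
    int fd, rc;

    if (len == 0)
        return -EMSGSIZE;
    fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0)
        return -errno;
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (sendto(fd, buf.raw, len, 0, (struct sockaddr *)&kernel, sizeof kernel) < 0) {
        rc = -errno;
        close(fd);
        return rc;
    }
    n = recv(fd, buf.raw, sizeof buf, 0);
    rc = (n < 0) ? -errno : 0;
    close(fd);
    if (rc)
        return rc;
    if (!NLMSG_OK(&buf.h, (unsigned int)n) || buf.h.nlmsg_type != NLMSG_ERROR)
        return -EPROTO;
    err = (struct nlmsgerr *)NLMSG_DATA(&buf.h);
    return err->error;                        /* 0 or -errno from the kernel */
}

int main(void)
{
    char caps[64];
    int rc;

    if (read_cap_eff(caps, sizeof caps))
        printf("before unshare: CapEff=%s CAP_AUDIT_WRITE=%d\n",
               caps, cap_in_mask(caps, CAP_AUDIT_WRITE));
    rc = try_audit_user("added-example: record before unshare");   /* constructed text */
    printf("AUDIT_USER before unshare: %s\n", rc == 0 ? "accepted" : strerror(-rc));

    if (unshare(CLONE_NEWUSER) < 0) {
        perror("unshare(CLONE_NEWUSER)");
        return 1;
    }
    /* In the new namespace the process holds every capability, including
     * CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL, with no privilege outside it. */
    if (read_cap_eff(caps, sizeof caps))
        printf("after unshare:  CapEff=%s CAP_AUDIT_WRITE=%d\n",
               caps, cap_in_mask(caps, CAP_AUDIT_WRITE));
    rc = try_audit_user("added-example: record after unshare");
    printf("AUDIT_USER after unshare:  %s\n",
           rc == 0 ? "accepted (kernel checks the caller's own namespace)" : strerror(-rc));
    return 0;
}
```

Run it once as an ordinary user and once as root: the CapEff line flips to all ones after the unshare in both cases, yet a kernel using capable() rejects the second record with EPERM even for root, because a process in a child user namespace no longer holds CAP_AUDIT_WRITE in init_user_ns. A kernel using nsown_capable() as in the hunk accepts it. If unshare() itself fails, unprivileged user namespaces are disabled on that host (sysctl or container seccomp policy), which is a separate mitigation and not a property of the audit check.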