Bug 174422
| Summary: | nscd update for new audit messages | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Steve Grubb <sgrubb> |
| Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Priority: | medium |
| Version: | rawhide | CC: | drepper |
| Hardware: | All | OS: | Linux |
| Fixed In Version: | 2.3.90-25 | Doc Type: | Bug Fix |
| Last Closed: | 2006-01-03 07:55:37 UTC | | |

Description
Steve Grubb
2005-11-28 21:42:49 UTC
Created attachment 121562
patch updating to new audit functionality
Please review and apply.
I've added a slightly improved version of the patch. But what is the FIXME about? When will this be corrected?

Thanks for looking at this. I was hoping to bump the so number early in Jan with the old functions removed. nscd is the only app that is holding that up.

In any event, the FIXME is that the user field in the audit message is being filled in with getuid() which is the user id of nscd...rather than the user that requested the action that violated the SE Linux policy. I don't know the data structures being passed around in nscd (or se linux) to correctly attribute the caller for the violation of the policy. My main objective at this moment was simply to change the called function so that I can bump the so number.

There is another fix needed for nscd. When it changes from root to the nscd user, it needs to keep CAP_AUDIT_WRITE. I haven't added that patch yet since I'm still refining the technique with dbus and newrole. If you would like to go ahead and add it, I'd really appreciate it.

> I was hoping to bump the so number early in Jan with
> the old functions removed.

Why? It is always bad to bump SONAMEs.

> I don't know the data structures being passed around in nscd (or se linux) to
> correctly attribute the caller for the violation of the policy.

The nscd side is trivial. nscd_request_avc_has_perm can easily be passed the UID of the other side. We already compute it (sometimes) at the call side. The question is: how to pass it to the printing routine. I guess it is called through avc_has_perm. If you figure this out it's easy enough to add.

glibc-2.3.90-25 should show up in rawhide today.