audit: add netlink audit protocol bind to check capabilities on multicast join

Register a netlink per-protocol bind fuction for audit to check userspace process capabilities before allowing a multicast group connection. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Richard Guy Briggs <rgb@redhat.com> 2014-04-22 21:31:56 -0400
committer: David S. Miller <davem@davemloft.net> 2014-04-22 21:42:27 -0400
commit: 3a101b8de0d39403b2c7e5c23fd0b005668acf48 (patch)
tree: b7bce9802ac01cfeb96167d3bdc14b90703b9672 /include/uapi
parent: 7774d5e03f4a41ec7c1e736acc108f112003bb4a (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index 154dd6d3c8fe..12c37a197d24 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -347,7 +347,12 @@ struct vfs_cap_data {
 #define CAP_BLOCK_SUSPEND    36
-#define CAP_LAST_CAP         CAP_BLOCK_SUSPEND
+/* Allow reading the audit log via multicast netlink socket */
+#define CAP_AUDIT_READ          37
+#define CAP_LAST_CAP         CAP_AUDIT_READ
 #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
author	Richard Guy Briggs <rgb@redhat.com>	2014-04-22 21:31:56 -0400
committer	David S. Miller <davem@davemloft.net>	2014-04-22 21:42:27 -0400
commit	3a101b8de0d39403b2c7e5c23fd0b005668acf48 (patch)
tree	b7bce9802ac01cfeb96167d3bdc14b90703b9672 /include/uapi
parent	7774d5e03f4a41ec7c1e736acc108f112003bb4a (diff)

diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h index 154dd6d3c8fe..12c37a197d24 100644 --- a/include/uapi/linux/capability.h +++ b/include/uapi/linux/capability.h
@@ -347,7 +347,12 @@ struct vfs_cap_data {
347		347
348	#define CAP_BLOCK_SUSPEND 36	348	#define CAP_BLOCK_SUSPEND 36
349		349
350	#define CAP_LAST_CAP CAP_BLOCK_SUSPEND	350	/* Allow reading the audit log via multicast netlink socket */
		351
		352	#define CAP_AUDIT_READ 37
		353
		354
		355	#define CAP_LAST_CAP CAP_AUDIT_READ
351		356
352	#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)	357	#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
353		358