On Sunday 12 October 2008 19:12:47 James Morris wrote:
> On Sun, 12 Oct 2008, Steve Grubb wrote:
> > I recently found out that the kernel now allows more than 32
> > capabilities. This means I need to update the audit code that interprets
> > this value given from SE Linux. When I looked over the 2.6.27 kernel
> > code, I found that SE Linux has not updated the capabilities code. It's
> > still being kept as a simple integer in avc.h, but everywhere else I look
> > in the kernel has moved to kernel_cap_t, which is an array. Are patches
> > for moving to kernel_cap_t scheduled for 2.6.28? Are there security
> > implications for not being able to access or control capabilities > 32?
>
> The AVC can only handle 32-bit vectors, so a capability2 class was added
> to handle capabilities over 32-bits.
>
> See
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b68e418c445e8a468634d0a7ca2fb63bbaa74028

Then does this need some updating in avc.c?

	case AVC_AUDIT_DATA_CAP:
		audit_log_format(ab, " capability=%d", a->u.cap);
		break;

Thanks,
-Steve
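The split James describes, with capability numbers 0-31 checked against the capability class and 32-63 against capability2 while the audit record keeps logging the original number, can be illustrated with the following userspace C program. It is an added example, not code from the thread or from the kernel; it re-defines CAP_TO_INDEX/CAP_TO_MASK locally in the same form as linux/capability.h and uses placeholder class values rather than the real SECCLASS_* constants.

```c
#include <stdint.h>
#include <stdio.h>

/* Same form as the kernel's CAP_TO_INDEX / CAP_TO_MASK in linux/capability.h:
 * capability number -> 32-bit word index and bit within that word. */
#define CAP_TO_INDEX(x) ((x) >> 5)
#define CAP_TO_MASK(x)  (1u << ((x) & 31))

/* Two 32-bit words cover 64 capabilities, like the array form of kernel_cap_t. */
#define CAP_WORDS 2
typedef struct { uint32_t cap[CAP_WORDS]; } cap_set_t;

/* AVC object classes for capability checks. Values are placeholders for this
 * example, not the real SECCLASS_* numbers from the policy. */
enum avc_class { SECCLASS_INVALID = 0, SECCLASS_CAPABILITY = 1, SECCLASS_CAPABILITY2 = 2 };

/* Translate a capability number into the (class, 32-bit permission mask) pair
 * an AVC lookup needs. Returns SECCLASS_INVALID for numbers outside the
 * two supported words instead of silently indexing past the array. */
enum avc_class cap_to_avc(int cap, uint32_t *mask)
{
    if (cap < 0 || cap >= 32 * CAP_WORDS)
        return SECCLASS_INVALID;
    *mask = CAP_TO_MASK(cap);
    switch (CAP_TO_INDEX(cap)) {
    case 0:  return SECCLASS_CAPABILITY;   /* capabilities 0..31  */
    case 1:  return SECCLASS_CAPABILITY2;  /* capabilities 32..63 */
    default: return SECCLASS_INVALID;
    }
}

/* Test membership in a two-word set. Note the caller never rewrites `cap`:
 * the audit record can still print " capability=%d" with the original number
 * no matter which class the permission bit lives in. */
int cap_set_has(const cap_set_t *set, int cap)
{
    uint32_t mask;
    if (cap_to_avc(cap, &mask) == SECCLASS_INVALID)
        return 0;
    return (set->cap[CAP_TO_INDEX(cap)] & mask) != 0;
}

int main(void)
{
    /* Constructed sample set: capability 12 in word 0, capability 34 in word 1. */
    cap_set_t eff = { { CAP_TO_MASK(12), CAP_TO_MASK(34) } };
    int caps[] = { 12, 34, 40 };
    for (int i = 0; i < 3; i++) {
        uint32_t mask = 0;
        enum avc_class cls = cap_to_avc(caps[i], &mask);
        printf("capability=%d class=%s mask=0x%08x present=%d\n", caps[i],
               cls == SECCLASS_CAPABILITY ? "capability" : "capability2",
               mask, cap_set_has(&eff, caps[i]));
    }
    return 0;
}
```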