Medusa-Team/linux-medusa

Remove/fix usage of MEDUSA_EVTYPE_NOTTRIGGERED in events

Closed this issue · 1 comment

Usage of MEDUSA_EVTYPE_NOTTRIGGERED in evtypes causes the authorization server to be unable to synchronize its internal hierarchy with the actual system (filesystem, processes, etc.).

In other words, evtypes need to have a bitnr assigned, so the authorization server can decide whether the object can inherit security information from its parent (when the object is not monitored) or whether it needs to be sent to the authorization server to get specific security information.

See file_kobj_validate_dentry_dir in Medusa and generic_set_handler in Constable for more information.

  1. Remove MEDUSA_EVTYPE_NOTTRIGGERED from getfile and getprocess.
  2. Change set_bit to bitmap_set (see MED_SET_BIT) and similar functions.
  3. Include an assert of the masked bitnr (when nottriggered).