dcache_lock deadlock due to auditing

Stephen Smalley sds at tycho.nsa.gov
Thu Apr 14 20:47:05 UTC 2005


On Thu, 2005-04-14 at 13:35 -0700, Steve G wrote:
> >I'm guessing the security context obtained from the SELinux hooks
> >is represented by a sid. Is this true?
> 
> Yes. This patch is already part of the audit subsystem code and on its way
> upstream.

I didn't see the original posting, but the security_getprocattr (->
selinux_getprocattr) and security_inode_getsecurity (->
selinux_inode_getsecurity) hooks copy security contexts into buffers
supplied by the caller.  That is what I was referring to.  The pathname
lookup code would need to be modified to invoke
security_inode_getsecurity(), possibly from audit_inode() by passing the
inode structure to it, and copy the context into the auxiliary item list
on the current audit context for display upon audit_log_exit.  And
audit_log_exit could be modified to call security_getprocattr to get the
current process context and display it.  I don't believe anyone has done
that yet.  There has been a patch to log the exe and comm information
for the current task upon audit_log_exit, but that is different.

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
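The flow proposed above (a getsecurity-style hook copies each looked-up inode's context into a caller-supplied buffer on the audit context, and audit_log_exit then emits the subject and object contexts together) modelled in user-space C. This is an added example, not code from this thread or from the kernel; the string-based `struct inode`, the fixed-size aux array and every function name are assumptions, and `-1` stands in for the negative errno the real hooks return when the buffer is too small.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model: an inode carrying its security context as a string
 * (in a real kernel this lives in the LSM's inode security blob). */
struct inode { const char *secctx; };

/* Same contract as the getsecurity hooks discussed above: copy the context
 * into a caller-supplied buffer; fail rather than truncate if it does not fit. */
static int inode_getsecurity(const struct inode *in, char *buf, size_t size) {
    size_t len = strlen(in->secctx);
    if (len + 1 > size) return -1;
    memcpy(buf, in->secctx, len + 1);
    return (int)len;
}

enum { AUDIT_MAX_AUX = 8, AUDIT_CTX_LEN = 64 };
/* Per-syscall audit context holding the context of every inode looked up. */
struct audit_context { char obj[AUDIT_MAX_AUX][AUDIT_CTX_LEN]; int naux; };

/* Proposed audit_inode() step: capture the object's context at lookup time,
 * so the record reflects what was accessed even if the label changes later. */
static int audit_inode_ctx(struct audit_context *ctx, const struct inode *in) {
    if (ctx->naux >= AUDIT_MAX_AUX) return -1;
    if (inode_getsecurity(in, ctx->obj[ctx->naux], AUDIT_CTX_LEN) < 0) return -1;
    ctx->naux++;
    return 0;
}

/* Proposed audit_log_exit() step: emit the subject context and every object
 * context. Returns the record length, or -1 if it would not fit in out[]. */
static int audit_log_exit_ctx(const struct audit_context *ctx, const char *subj,
                              char *out, size_t size) {
    int n = snprintf(out, size, "subj=%s", subj);
    for (int i = 0; i < ctx->naux && n >= 0 && (size_t)n < size; i++)
        n += snprintf(out + n, size - n, " obj=%s", ctx->obj[i]);
    return (n >= 0 && (size_t)n < size) ? n : -1;
}

/* Constructed scenario: one syscall whose pathname lookup touched two inodes. */
static const char *demo_record(void) {
    static char out[256];
    struct inode etc = { "system_u:object_r:etc_t" };
    struct inode shadow = { "system_u:object_r:shadow_t" };
    struct audit_context ctx = { .naux = 0 };
    if (audit_inode_ctx(&ctx, &etc) || audit_inode_ctx(&ctx, &shadow)) return NULL;
    if (audit_log_exit_ctx(&ctx, "user_u:user_r:user_t", out, sizeof out) < 0) return NULL;
    return out;
}

int main(void) { puts(demo_record()); return 0; }
```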
