[PATCH] LSPP audit enablement: storing selinux ocontext and scontext
Stephen Smalley
sds at tycho.nsa.gov
Tue Aug 30 16:18:18 UTC 2005
On Tue, 2005-08-30 at 10:18 -0500, Dustin Kirkland wrote:
> Ok, then anyone who disagrees with failing the syscall speak up now...
> If this is the preferred operation, please say so.
I think we need to think through how this would work. There are
multiple options, e.g.
1) Only audit-related interfaces for storing audit context information
that are called during syscall processing prior to any user-visible
state changes will handle failures in this manner. Those functions will
_not_ call audit_panic and will return an error to the caller, and those
errors need to be propagated back to userspace. It may be desirable to
have these functions log a warning (via printk) prior to returning the
error so that there is also a record of the issue for perusal by an
admin. This should likely be configurable via auditctl.
2) All audit interfaces and functions will be reworked down to the
audit_panic level, with audit_panic changed to return a value and
internally changed to check new audit_failure flags to see whether it
should return an error or just 0, and if returning an error, whether it
should return the error silently or also log a message via printk. All
call chains leading to audit_panic will then be changed to propagate
errors from it upward to the original caller.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list