[PATCH] LSPP audit enablement: storing selinux ocontext and scontext
Amy Griffis
amy.griffis at hp.com
Tue Aug 30 20:29:50 UTC 2005
On Tue, Aug 30, 2005 at 01:43:20PM -0500, Timothy R. Chavez wrote:
> But that's just it, if you're not careful when issueing a panic, there _is_ a
> potential of record lossage. Take for instance this case:
>
> We're in context of a "mkdir()" system call. We've determined that
> this inode is watched, so then we allocate audit_aux_data memory
> for it to place on the audit context. The only problem is that we fail
> this memory allocation. Since the inode has already been created,
> if we panic the system, there will be no record of the transaction.
This situation could be avoided in the current implementation by
making use of the 20 statically allocated audit_names structs included
in the audit_context.
Amy
More information about the Linux-audit
mailing list