[PATCH] LSPP audit enablement: storing selinux ocontext and scontext

Steve Grubb sgrubb at redhat.com
Sun Jul 24 15:48:32 UTC 2005


On Friday 22 July 2005 13:46, David Woodhouse wrote:
> Steve had some comments to make, I think, but he's at OLS without a laptop
> so that may be delayed...

This is true. There are some bugs in the patch. However, we really haven't 
discussed what the design will look like going forward in LSPP, so this is a 
little premature.

I want to spend a little time drafting up what we need to do and the order in 
which we integrate the pieces. Another thing that I insist on in the next 
round of development is to have a config file for LSPP *before* we start 
coding. I want to make sure that we all agree on how the config looks and 
that it can truly do the job instead of waiting until the end of development 
and seeing if we can do what we intended. 

For example, in the current CAPP system, there is a serious problem pointed 
out by Amy. The problem is that some architectures have socketcall and others 
do not. This means that there is the possibility that we have to have per 
arch config files. The solution, I believe, is to make auditctl not load 
rules for invalid arches. This way one script can be written and auditctl 
will be smarter about what it sends to the kernel.

-Steve



