[PATCH] LSPP audit enablement: storing selinux ocontext and scontext

Steve Grubb sgrubb at redhat.com
Thu Jul 28 19:13:45 UTC 2005


On Thursday 28 July 2005 14:48, Timothy R. Chavez wrote:
> How does it "retry"?

If there is no memory, the operation should fail.

> If you do "mkdir /tmp/foo" and "foo" is being watched and we failed to
> allocate the memory to place on the audit context, "foo" gets created and
> no record is generated.

mkdir should return -ENOMEM and the dir should not be created. You can't let 
the directory be created if the intention was to watch for that and you can't 
record the requested event. The user should see the operation failed and try 
to make the directory again.

-Steve
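
The fail-closed ordering argued for in the message above, as an added illustration that is not part of the original message or of the patch under discussion: a userspace C model in which the audit record is reserved before the directory is created, so an allocation failure returns -ENOMEM with nothing created. All names here (`fs_model`, `audit_alloc`, `model_mkdir`, `fail_next_alloc`) are hypothetical and are not kernel APIs.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userspace model; none of these names are kernel APIs. */
struct audit_rec { char path[64]; };
struct fs_model {
    int dir_exists;       /* 1 once the directory has been created */
    int watched;          /* 1 if the path carries an audit watch */
    int records;          /* audit records emitted so far */
    int fail_next_alloc;  /* knob: simulate one out-of-memory condition */
};

static struct audit_rec *audit_alloc(struct fs_model *fs)
{
    if (fs->fail_next_alloc) {
        fs->fail_next_alloc = 0;
        return NULL;
    }
    return calloc(1, sizeof(struct audit_rec));
}

/* Fail closed: reserve the audit record first, refuse the operation if that fails. */
int model_mkdir(struct fs_model *fs, const char *path)
{
    struct audit_rec *rec = NULL;
    if (fs->dir_exists)
        return -EEXIST;
    if (fs->watched) {
        rec = audit_alloc(fs);
        if (!rec)
            return -ENOMEM;          /* nothing created, nothing unaudited */
        strncpy(rec->path, path, sizeof(rec->path) - 1);
    }
    fs->dir_exists = 1;              /* side effect only after the record exists */
    if (rec) {
        fs->records++;               /* "emit" the record */
        free(rec);
    }
    return 0;
}

int main(void)
{
    struct fs_model fs = { 0, 1, 0, 1 };        /* watched, first alloc fails */
    int first = model_mkdir(&fs, "/tmp/foo");   /* fails, directory absent */
    int retry = model_mkdir(&fs, "/tmp/foo");   /* user retries, succeeds */
    return (first == -ENOMEM && retry == 0 && fs.records == 1) ? 0 : 1;
}
```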



