[PATCH] LSPP audit enablement: storing selinux ocontext and scontext
Steve Grubb
sgrubb at redhat.com
Thu Jul 28 19:45:45 UTC 2005
On Thursday 28 July 2005 15:25, Timothy R. Chavez wrote:
> To do this we'd need two hooks. One to allocate the watch info for the
> context before the creation of the inode and then one to fill it out upon
> success or free it on failure.
Right sort of like a sql transaction. Create the data structures & commit or
rollback. But you could also handle rolling back any allocations should your
function fail.
> Or, we can just use audit_panic :)
No. audit_panic is for when we have overflowed the backlog or hit a rate
limit. This is for when there is no other course of action possible. With the
watches, you could have returned an error. There was a course of action.
-Steve
More information about the Linux-audit
mailing list