altering audit_log_start
Stephen Smalley
sds at tycho.nsa.gov
Wed Mar 16 18:51:47 UTC 2005
On Wed, 2005-03-16 at 11:58 -0600, Timothy R. Chavez wrote:
> Hello,
>
> I just wanted to get feedback. This would change the audit subsystem such
> that subsystems like SELinux would have to adapt, but I think it'd be better
> in the long run if the audit_log_start() function actually returned a
> ERR_PTR() upon failure. That way we could properly handle/propigate the
> error in non-void functions that want to use audit_log*.
>
> Any opinions on the matter?
It won't help SELinux, as it calls it from its own void function,
avc_audit(). The assumption is that any failure is handled by
audit_log_lost()/audit_panic().
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the Linux-audit
mailing list