[PATCH] LSPP audit enablement: storing selinux ocontext and scontext

Klaus Weidner klaus at atsec.com
Wed Oct 12 23:04:56 UTC 2005


On Fri, Oct 07, 2005 at 01:24:13PM -0500, Dustin Kirkland wrote:
> I'm addressing Amy's concerns and attaching an updated patch with the
> editions discussed inline.

In an IRC discussion about IPC object audit today, Chris Wright mentioned
that he's concerned about multiple or missing records and also general
code aesthetics.

I'm not very familiar with the code, but I think it may be an option to
put the hooks in the *_checkid() and *get() functions instead of hooking
ipcperm(); those seem to be used more consistently. It would mean a
minimal slowdown in non-permission-checking calls as a tradeoff for
a cleaner interface, assuming that this would indeed get rid of
duplication.

-Klaus



