[PATCH] LSPP audit enablement: storing selinux ocontext and scontext

Dustin Kirkland dustin.kirkland at gmail.com
Thu Oct 13 05:30:14 UTC 2005


On 10/12/05, Klaus Weidner <klaus at atsec.com> wrote:
> On Fri, Oct 07, 2005 at 01:24:13PM -0500, Dustin Kirkland wrote:
> > I'm addressing Amy's concerns and attaching an updated patch with the
> > editions discussed inline.
>
> In an IRC discussion about IPC object audit today, Chris Wright mentioned
> that he's concerned about multiple or missing records and also general
> code aesthetics.
>
> I'm not very familiar with the code, but I think it may be an option to
> put the hooks in the *_checkid() and *get() functions instead of hooking
> ipcperm(), those seem to be used more consistently. It would mean a
> minimal slowdown in non-permission-checking calls as a tradeoff for
> a cleaner interface, assuming that this would indeed get rid of
> duplication.

Stephen-

I'm curious about your take on this...  The code is hooked in
ipcperms() and near the DAC checks mainly because of a discussion on
the (then closed) LSPP list on/around May 19, 2005.  Just wondering if
you have any objections.

Thanks,
:-Dustin



