[RFC][PATCH] collect security labels on user processes generating audit messages
Stephen Smalley
sds at tycho.nsa.gov
Thu Feb 9 18:13:25 UTC 2006
On Thu, 2006-02-09 at 10:13 -0600, Timothy R. Chavez wrote:
> On Thu, 2006-02-09 at 09:58 -0500, James Morris wrote:
> > Please look at the way I intend to export SELinux APIs in:
> > http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-selinux-exports.patch
>
> This looks good. Do you have a schedule for releasing this? I could
> probably wait until it becomes available in -mm before changing out the
> API plumbing.
Note btw that the advantage of the security_sid_to_context() interface
(wrapped by James' selinux_id_to_ctx interface) is that it internally
allocates a buffer of the right length for you. You don't have to query
for a length and allocate one yourself, unlike the selinux_getsecurity
interface. You do still need to free it when done.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list