[RFC][PATCH] collect security labels on user processes generating audit messages
Timothy R. Chavez
tinytim at us.ibm.com
Wed Feb 15 16:41:13 UTC 2006
On Wed, 2006-02-15 at 11:17 -0500, Stephen Smalley wrote:
> On Wed, 2006-02-15 at 09:49 -0600, Timothy R. Chavez wrote:
> > This makes sense to me. I'll go ahead and make the change. I wouldn't
> > even technically need the function or function call in my patch since
> > selinux_available() simply returns ss_initialized.
>
> Well, I think we want to keep that variable private to the SELinux
> "module". In the future, we'll likely add proper namespace prefixes to
> all non-static SELinux symbols to avoid polluting the kernel namespace.
>
I think maybe I miscommunicated my intentions. If I move the check to
determine whether or not SELinux is enabled into selinux_id_to_ctx(),
then I can simply use ss_initialized directly rather then calling
selinux_available(), as I'll be making the check within the SELinux
"module" (selinux/exports.c).
-tim
More information about the Linux-audit
mailing list