Another slab size-32 leak 2.6.16-rc4-mm2

Stephen Smalley sds at epoch.ncsc.mil
Mon Mar 6 15:20:05 UTC 2006


On Thu, 2006-03-02 at 14:39 -0600, Dustin Kirkland wrote:
> I'm in-lining a simple patch that solves the memory leak and collects the
> required information.  Rather than calling audit_ipc_context() which
> allocates memory and returns a char * which was being lost, ipcperms()
> instead calls audit_ipc_perms(), which wraps audit_ipc_context() thereby
> storing the context in an auxiliary IPC audit record.  This happens each
> and every time ipcperms() is called.

But ipcperms() isn't called on every IPC operation, in particular not
for the ones that apply uid ownership or capability tests rather than
mode checks, e.g. SHM_LOCK/UNLOCK.  Compare the coverage of the
security_* hooks in the ipc code against the audit-related hooks.  That
is why I suggested making a call to some audit hook for collecting the
IPC object context from every selinux_* IPC hook - that ensures coverage
without requiring additional audit hooks.

-- 
Stephen Smalley
National Security Agency



