[redhat-lspp] Re: [PATCH] change lspp inode auditing
Stephen Smalley
sds at tycho.nsa.gov
Thu Mar 30 16:15:22 UTC 2006

On Thu, 2006-03-30 at 09:21 -0600, Serge E. Hallyn wrote:
> > However, that does bring up a separate issue beyond the inability to
> > allocate the context; the SID may be invalidated by a policy load, at
>
> That was what I was addressing.
>
> > which point you'll get back the unlabeled context upon subsequent
> > attempts to map it to a context. Hence, if you have a policy reload
>
> You couldn't end up with a completely wrong context this way?

No, at policy reload time, the SID table is remapped, with each context
either re-translated to the new representation or dropped entirely if
invalid. In the latter case, later lookups will return the unlabeled
SID's context instead.
--
Stephen Smalley
National Security Agency
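
The reload behaviour described in the reply above, as an added user-space model that is not kernel code and not part of the original message: a SID whose context is invalid under the new policy is dropped, and a later lookup of that SID returns the unlabeled context rather than some other SID's context. All names (`sidtab_remap`, `sid_to_context`, the SID numbers, `custom_app_t`) are hypothetical, and contexts are kept as plain `user:role:type` strings, so re-translation is reduced to a validity check.

```c
#include <stdio.h>
#include <string.h>

#define SID_UNLABELED 1u  /* this model's reserved SID for the unlabeled context */
#define MAX_SIDS 8
struct entry  { unsigned sid; int valid; char ctx[64]; };
struct sidtab { struct entry e[MAX_SIDS]; int n; };

/* A policy is modelled as a NULL-terminated list of the type names it defines. */
static int has_type(const char *const *types, const char *type) {
    for (; *types; types++)
        if (strcmp(*types, type) == 0) return 1;
    return 0;
}

/* Policy reload: keep contexts whose type the new policy defines, drop the rest. */
int sidtab_remap(struct sidtab *t, const char *const *new_types) {
    int dropped = 0;
    for (int i = 0; i < t->n; i++) {
        struct entry *e = &t->e[i];
        const char *type = strrchr(e->ctx, ':');  /* contexts are user:role:type */
        if (e->sid == SID_UNLABELED || !e->valid) continue;
        if (!type || !has_type(new_types, type + 1)) { e->valid = 0; dropped++; }
    }
    return dropped;
}

/* Lookup: a dropped or unknown SID resolves to the unlabeled SID's context. */
const char *sid_to_context(const struct sidtab *t, unsigned sid) {
    const char *unlabeled = NULL;
    for (int i = 0; i < t->n; i++) {
        if (t->e[i].sid == sid && t->e[i].valid) return t->e[i].ctx;
        if (t->e[i].sid == SID_UNLABELED) unlabeled = t->e[i].ctx;
    }
    return unlabeled;
}

int main(void) {
    struct sidtab t = { {
        { SID_UNLABELED, 1, "system_u:object_r:unlabeled_t" },
        { 5, 1, "system_u:system_r:httpd_t" },
        { 6, 1, "system_u:system_r:custom_app_t" },  /* constructed type name */
    }, 3 };
    const char *const new_policy[] = { "unlabeled_t", "httpd_t", NULL };  /* custom_app_t gone */
    printf("dropped=%d\n", sidtab_remap(&t, new_policy));
    printf("sid 5 -> %s\nsid 6 -> %s\n", sid_to_context(&t, 5), sid_to_context(&t, 6));
    return 0;
}
```

For audit consumers the practical consequence is that a record whose SID is resolved after a reload can show the unlabeled context for an object that was labeled when the event occurred.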