[PATCH] IPC_SET_PERM cleanup
Linda Knippers
linda.knippers at hp.com
Fri May 5 20:59:49 UTC 2006
Steve Grubb wrote:
> On Friday 05 May 2006 16:19, Linda Knippers wrote:
>
>>- if (axi->osid != 0) {
>>- char *ctx = NULL;
>>- u32 len;
>>- if (selinux_ctxid_to_string(
>>- axi->osid, &ctx, &len)) {
>>- audit_log_format(ab, " osid=%u",
>>- axi->osid);
>>- call_panic = 1;
>>- } else
>>- audit_log_format(ab, " obj=%s",
>>ctx); - kfree(ctx);
>>- }
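Review bot: the removed block takes the `call_panic = 1` assignment with it, so a failing selinux_ctxid_to_string() on axi->osid is no longer flagged from this record. If the IPC record is now the only place that emits obj=, the commit message should say so, and should confirm that the same translation-failure handling (the " osid=%u" fallback plus call_panic) still exists on that path. The removal is also only safe while IPC_SET cannot change the sid; a short comment recording that assumption where audit_ipc_set_perm() is called would make it visible if that ever changes.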
>
>
> This patch deletes the context string out of this record. Are we losing
> anything important?
I don't think so. I don't think the IPC_SET operations change the sid
(at least I don't see it in the code) so it's redundant with the obj information
that's in the IPC record. If I'm missing it, I hope someone will point
it out to me.
If an IPC_SET can change the sid, then we'll have to move all the calls
to audit_ipc_set_perm() so that we get the new obj information in the
success case and don't lose the entire record in the failure case.
-- ljk