audit 1.2.7 released

Stephen Smalley sds at tycho.nsa.gov
Wed Sep 20 19:12:39 UTC 2006


On Tue, 2006-09-19 at 17:05 -0400, Amy Griffis wrote:
> Steve Grubb wrote:  [Mon Sep 18 2006, 08:13:40PM EDT]
> > Please let me know if there are any problems with this release.
> 
> I'm seeing some truncated audit records, e.g.
> 
> type=DAEMON_END msg=audit(1158669003.740:6165) auditd normal halt,
> sending auid=1001 pid=32268 subj=user_u:system_r:initrc_t:s0 res=suc
> 
> which should continue with something like
> 
> cess, auditd pid=6785
> 
> There are some static buffer sizes in auditd.c that look way too small
> given that libselinux defines the max context size as
> 
> #define DEFAULT_CONTEXT_SIZE 255
> 
> I think this is an existing problem, and not new to 1.2.7.

SELinux userland code isn't supposed to assume any fixed max.
libselinux does use an initial buffer size as a starting point when
calling e.g. getxattr, but will resize the buffer to a larger size if
necessary.

-- 
Stephen Smalley
National Security Agency
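
The resize-on-demand pattern described in the reply above, as an added example that is not part of the original message and is not libselinux or auditd code. The names get_context, attr_getter, selinux_getter, fake_getter, make_sample and INITIAL_LEN are hypothetical, and the sample context is constructed so the code runs without SELinux.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

#define INITIAL_LEN 255 /* starting guess only, never treated as a maximum */

/* Getter with getxattr(2) semantics: size 0 returns the length needed,
 * a too-small buffer fails with errno == ERANGE. */
typedef ssize_t (*attr_getter)(const char *path, void *buf, size_t size);

/* Real getter: reads the SELinux label xattr of a file. */
ssize_t selinux_getter(const char *path, void *buf, size_t size) {
    return getxattr(path, "security.selinux", buf, size);
}

/* Constructed stand-in for a file whose context exceeds INITIAL_LEN. */
static char sample_ctx[1024];
void make_sample(size_t len) {
    static const char prefix[] = "user_u:system_r:initrc_t:s0:";
    memset(sample_ctx, 'c', len);
    memcpy(sample_ctx, prefix, sizeof prefix - 1);
    sample_ctx[len] = '\0';
}
ssize_t fake_getter(const char *path, void *buf, size_t size) {
    size_t len = strlen(sample_ctx);
    (void)path;
    if (size == 0) return (ssize_t)len;
    if (size < len) { errno = ERANGE; return -1; }
    memcpy(buf, sample_ctx, len);
    return (ssize_t)len;
}

/* Returns a malloc'd, NUL-terminated context of any length, or NULL. */
char *get_context(const char *path, attr_getter get) {
    size_t size = INITIAL_LEN + 1;
    char *tmp, *buf = malloc(size);
    while (buf) {
        ssize_t n = get(path, buf, size - 1);
        if (n >= 0) { buf[n] = '\0'; return buf; }  /* fits: done */
        if (errno != ERANGE) break;                 /* real error */
        if ((n = get(path, NULL, 0)) < 0) break;    /* ask for needed size */
        size = (size_t)n + 1;
        if (!(tmp = realloc(buf, size))) break;
        buf = tmp;              /* retry; loop again if the value grew */
    }
    free(buf);
    return NULL;
}
```

Passing selinux_getter instead of fake_getter reads the label of a real file on a system with SELinux xattrs.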



