[PATCH][RFC] V1 Remove SELinux dependencies from linux-audit via LSM
Casey Schaufler
casey at schaufler-ca.com
Fri Aug 3 18:56:30 UTC 2007
--- Stephen Smalley <sds at tycho.nsa.gov> wrote:
> On Fri, 2007-08-03 at 09:33 -0700, Casey Schaufler wrote:
> > --- Casey Schaufler <casey at schaufler-ca.com> wrote:
> >
> > > > > diff -uprN -X linux-2.6.22-base/Documentation/dontdiff
> > > > > linux-2.6.22-base/include/linux/security.h
> > > > > linux-2.6.22-audit/include/linux/security.h
> > > > > --- linux-2.6.22-base/include/linux/security.h 2007-07-08
> > > > 16:32:17.000000000
> > > > > -0700
> > > > > +++ linux-2.6.22-audit/include/linux/security.h 2007-08-01
> > > > 20:14:18.000000000
> > > > > -0700
> > > > > @@ -35,6 +35,8 @@
> > > > > #include <net/flow.h>
> > > > >
> > > > > struct ctl_table;
> > > > > +struct audit_krule;
> > > > > +struct selinux_audit_rule;
> > > >
> > > > selinux_audit_rule in LSM interface?
> > >
> > > The structure needs a new name. Any objections to audit_rule_lsm?
> > > I'd suggest security_audit_rule, but that doesn't say anything about
> > > where to look to see how it gets used.
> >
> > Actually, it's worse than that because an selinux_audit_rule really
> > is SELinux specific. Any problem with making the security_audit_rule
> > interfaces use a void * ? The audit code appears to be accomodating.
>
> The struct is already opaque outside of the security module, so you can
> just rename it and implement your own version of the struct in your
> module.
Oh so true in the module. The LSM interfaces (security_audit_rule_xxx)
themselves don't care what it is and it will differ between modules,
so a void * seems correct there.
Casey Schaufler
casey at schaufler-ca.com
More information about the Linux-audit
mailing list