[PATCH]Fix me add subj

Stephen Smalley sds at tycho.nsa.gov
Tue Aug 26 19:55:51 UTC 2008


On Tue, 2008-08-26 at 15:34 -0400, Steve Grubb wrote:
> On Monday 18 August 2008 06:04:25 Chu Li wrote:
> >   I have made a patch for "Fixme add subj" in auditd.c. This is for the
> > latest code.
> 
> Now that the audit svn is open for new work...I started to apply this patch. 
> But then I got to thinking about SMACK. It probably does not like us to get 
> selinux labels. I was wondering if we need to try to get its label, too? And 
> I was wondering if both SE Linux and SMACK could be running at the same time? 
> If they can, do we collect both labels? 

They are exclusive of one another, and they both provide the process
label via /proc/pid/attr/current.  libselinux wraps that kernel
interface with getcon() (for current context) and getpidcon() (for
context of a given pid), which internally handle the allocation of the
buffer and will deal with label translation if using mcstransd.

So if you want the code to work with either, you'd directly
read /proc/pid/attr/current and display the resulting string.  If you
want to be SELinux-specific and include functionality like MLS label
translation, you'd use getpidcon(3).

-- 
Stephen Smalley
National Security Agency
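
The LSM-agnostic option described above (read /proc/pid/attr/current and display the resulting string), as an added example that is not part of the original message or of the audit code base. The function names are hypothetical, and stripping a trailing NUL or newline is a defensive assumption about what the active LSM returns.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Terminate the n bytes read into buf and drop any trailing NUL or newline
 * bytes. buf must hold at least n + 1 bytes. Returns the label length. */
static size_t trim_label(char *buf, size_t n)
{
    while (n > 0 && (buf[n - 1] == '\0' || buf[n - 1] == '\n'))
        n--;
    buf[n] = '\0';
    return n;
}

/* Read a label from an attr file. Returns its length, or -1 with errno set. */
static ssize_t read_label_file(const char *path, char *out, size_t outlen)
{
    ssize_t n;
    int fd, saved;

    if (outlen < 2) { errno = EINVAL; return -1; }
    if ((fd = open(path, O_RDONLY)) < 0)
        return -1;
    do {
        n = read(fd, out, outlen - 1);
    } while (n < 0 && errno == EINTR);
    saved = errno;              /* close() may overwrite errno */
    close(fd);
    if (n < 0) { errno = saved; return -1; }
    return (ssize_t)trim_label(out, (size_t)n);
}

/* Works with whichever LSM exposes a label; no libselinux, no translation. */
static ssize_t get_pid_label(pid_t pid, char *out, size_t outlen)
{
    char path[64];
    snprintf(path, sizeof(path), "/proc/%ld/attr/current", (long)pid);
    return read_label_file(path, out, outlen);
}

int main(void)
{
    char label[4096];
    if (get_pid_label(getpid(), label, sizeof(label)) < 0) { perror("attr/current"); return 1; }
    printf("subj=%s\n", label);
    return 0;
}
```

The label is printed exactly as the kernel reports it; MLS label translation through mcstransd is only available on the getpidcon(3) path.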



