[PATCH 2nd revision] Add SELinux context support to AUDIT target

Steve Grubb sgrubb at redhat.com
Mon Jun 6 12:53:57 UTC 2011


On Monday, June 06, 2011 08:42:15 AM Mr Dash Four wrote:
> > This is not any more of a leak than leaking the context string to user space
> > as this patch attempts to do. The rest of the audit code does log the
> > numeric representation when text fails.
> 
> There is no "leak" when the secctx is recorded in the audit log - it is
> supposed to be there, if present (and retrievable).

Exactly my point. There is no leak if it's text or numeric.

> As for exposing the (internal) numerical representation of the secctx - this was
> discussed previously and the approach you are suggesting was dropped. To quote
> Eric on this very issue "[It] exports the internal secid to userspace.
> These are dynamic, can change on lsm changes, and have no meaning in
> userspace. We should instead be sending lsm contexts to userspace
> instead.".

Doesn't matter. The requirements of the protection profiles say to log the object's
label. It does not care if it's text or numeric. It also does not say sometimes or only
when it's convenient. :)  It's either important enough to log even if text conversion
fails or it's not important enough to log at all.

-Steve