[PATCH 2nd revision] Add SELinux context support to AUDIT target
Steve Grubb
sgrubb at redhat.com
Tue Jun 7 00:59:03 UTC 2011
On Monday, June 06, 2011 07:22:43 PM Pablo Neira Ayuso wrote:
> On 06/06/11 15:10, Mr Dash Four wrote:
> >> Exactly my point. There is no leak if its text or numeric.
> >
> > No, there is no leak if it is a text, but there *is* a leak if it is a
> > numeric. I think I've made that quite clear.
>
> We don't use numeric secmark anymore in nf_conntrack. Not very familiar
> with SELinux, but I remember that the convention was not to provide
> internal numeric values.
All of the audit system records the numbers if conversion fails. We want it as
forensic evidence or troubleshooting information as the case may be.
-Steve
More information about the Linux-audit
mailing list