[PATCH 2nd revision] Add SELinux context support to AUDIT target
Casey Schaufler
casey at schaufler-ca.com
Tue Jun 7 01:23:53 UTC 2011
On 6/6/2011 5:59 PM, Steve Grubb wrote:
> On Monday, June 06, 2011 07:22:43 PM Pablo Neira Ayuso wrote:
>> On 06/06/11 15:10, Mr Dash Four wrote:
>>>> Exactly my point. There is no leak if its text or numeric.
>>> No, there is no leak if it is a text, but there *is* a leak if it is a
>>> numeric. I think I've made that quite clear.
>> We don't use numeric secmark anymore in nf_conntrack. Not very familiar
>> with SELinux, but I remember that the convention was not to provide
>> internal numeric values.
> All of the audit system records the numbers if conversion fails.
Consistency is important
> We want it as
> forensic evidence or troubleshooting information as the case may be.
It's completely pointless to have in the audit record. The code
ought to treat an untranslatable secmark with the same severity
as an invalid pointer. You could argue that it is oopsable. Certainly
worthy of a BUG invocation. Printing the numeric is sloppy error
handling.
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
More information about the Linux-audit
mailing list