[PATCH 3rd revision] Add SELinux context support to AUDIT target

Mr Dash Four mr.dash.four at googlemail.com
Wed Jun 8 16:12:39 UTC 2011
Mr Dash Four wrote:
> Logging the internal numerical representation of secctx is, as I have 
> already stated about 3 times by now, exposing internal 
> (private-to-the-kernel-only) information to userspace. That cannot be 
> allowed.
>
> Besides, this numerical representation isn't reliable - these numbers 
> are dynamic and can change - another reason why they should not be 
> allowed to be present in the audit log. What happens if I make changes 
> to my security policy and then run ausearch/aureport? I am either 
> going to see different (wrong!) context reported if ausearch/aureport 
> attempts to "convert" those numbers into SELinux context, or, I am 
> going to see meaningless numbers. Either way, useless or misleading 
> information is going to be reported and we don't want that, do we?

> else
> 	audit_log_format(ab, " osid=%u", skb->secmark);
>
> _All_ audit code records the number on a failed conversion.
>   
I am assuming you haven't read the above. Show me one good reason why I 
should alter my patch to include that abomination of yours?