[PATCH 3rd revision] Add SELinux context support to AUDIT target
Mr Dash Four
mr.dash.four at googlemail.com
Wed Jun 8 16:12:39 UTC 2011
Mr Dash Four wrote:
> Logging the internal numerical representation of secctx is, as I have
> already stated about 3 times by now, exposing internal
> (private-to-the-kernel-only) information to userspace. That cannot be
> allowed.
>
> Besides, this numerical representation isn't reliable - these numbers
> are dynamic and can change - another reason why they should not be
> allowed to be present in the audit log. What happens if I make changes
> to my security policy and then run ausearch/aureport? I am either
> going to see different (wrong!) context reported if ausearch/aureport
> attempts to "convert" those numbers into SELinux context, or, I am
> going to see meaningless numbers. Either way, useless or misleading
> information is going to be reported and we don't want that, do we?
>     else
>         audit_log_format(ab, " osid=%u", skb->secmark);
>
> _All_ audit code records the number on a failed conversion.
>
I am assuming you haven't read the above. Show me one good reason why I
should alter my patch to include that abomination of yours?