[PATCH 3rd revision] Add SELinux context support to AUDIT target

Mr Dash Four mr.dash.four at googlemail.com
Wed Jun 8 18:45:12 UTC 2011


> how is this error preserved in the audit trail?
>   
Look at my patch again - if the secctx cannot be retrieved, either 
because a) it does not exist; or b) because of an internal error or 
otherwise, then it is not logged in the audit log as part of the 
NETFILTER_PKT message (the fact that there is an internal LSM error has 
absolutely nothing to do with a netfilter packet!).

If, internally (upon calling security_secid_to_secctx), there is a 
decision to handle that *internal* error in one way or another, so be it, 
but as far as my patch goes - there is no secctx if that function 
returns nothing and I think that is the right thing to do.



