[PATCH 3rd revision] Add SELinux context support to AUDIT target

Mr Dash Four mr.dash.four at googlemail.com
Thu Jun 9 15:16:36 UTC 2011


>> Right, so the function you suggested yesterday (audit_log_secctx) should be
>> added in audit.c in its entirety, and xt_AUDIT.c should just have something
>> like:
>>
>> #ifdef CONFIG_NF_CONNTRACK_SECMARK
>>   if (skb->secmark)
>>               audit_log_secctx(ab,skb->secmark);
>> #endif
>>
>> Thus, discarding the result (rc), unless we are interested in the error
>> code, which I don't think is the case here. Would everyone be happy with
>> this?
>>     
>
> Actually just make it a void function as I don't think anyone
> would/could/should make use of the return value.
>   
In other words (audit.c) - N.B. the change from "subj" to "obj" as per 
Steve's suggestion a while ago:

void audit_log_secctx(struct audit_buffer *ab, u32 secid)
{
    u32 len;
    char *ctx;

    /* Map the secid carried by the packet to its textual SELinux context. */
    if (security_secid_to_secctx(secid, &ctx, &len)) {
        audit_panic("Cannot convert secid to context");
    } else {
        /* "obj=" rather than "subj=": the label describes the packet, not a task. */
        audit_log_format(ab, " obj=%s", ctx);
        security_release_secctx(ctx, len);
    }
}

And xt_AUDIT.c stays as per my suggestion above. Should I assume that 
gets the "go" from everyone concerned?
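As an added illustration (not code from the patch or from anyone in this thread), the following userspace C model reproduces the audit_log_secctx() logic above together with the xt_AUDIT.c call site; audit_log_format(), security_secid_to_secctx(), security_release_secctx() and audit_panic() are hypothetical stand-ins for the kernel functions, and the secid-to-context table is constructed. It shows that obj= is appended only when the skb carries a secmark, and that an unknown secid takes the audit_panic() path and leaves no obj= field.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef unsigned int u32;                   /* kernel spelling of a 32-bit unsigned */
struct audit_buffer { char text[256]; };    /* stand-in for the kernel's audit buffer */
int audit_panics;                           /* counts trips through the failure path */
/* Constructed secid -> SELinux context table standing in for the LSM. */
static const char *const ctx_table[] = {
    NULL,                               /* secid 0 is never a valid label */
    "system_u:object_r:netif_t:s0",     /* secid 1 (constructed) */
    "system_u:object_r:packet_t:s0",    /* secid 2 (constructed) */
};
/* Mock of security_secid_to_secctx(): 0 on success, non-zero for an unknown secid. */
static int security_secid_to_secctx(u32 secid, char **ctx, u32 *len)
{
    if (secid >= sizeof ctx_table / sizeof ctx_table[0] || !ctx_table[secid])
        return -1;
    size_t n = strlen(ctx_table[secid]);
    *ctx = malloc(n + 1);                 /* caller must release, as in the kernel */
    memcpy(*ctx, ctx_table[secid], n + 1);
    *len = (u32)n;
    return 0;
}
static void security_release_secctx(char *ctx, u32 len) { (void)len; free(ctx); }
static void audit_panic(const char *msg) { audit_panics++; fprintf(stderr, "audit: %s\n", msg); }
static void audit_log_format(struct audit_buffer *ab, const char *fmt, const char *s)
{
    size_t used = strlen(ab->text);       /* append, as the kernel's audit_log_format() does */
    snprintf(ab->text + used, sizeof ab->text - used, fmt, s);
}
/* Same logic as the audit.c function in the mail. */
void audit_log_secctx(struct audit_buffer *ab, u32 secid)
{
    u32 len; char *ctx;
    if (security_secid_to_secctx(secid, &ctx, &len)) {
        audit_panic("Cannot convert secid to context");
    } else {
        audit_log_format(ab, " obj=%s", ctx);
        security_release_secctx(ctx, len);
    }
}
/* Mirrors the xt_AUDIT.c fragment (other record fields omitted): "" without a secmark. */
const char *audit_obj_field(struct audit_buffer *ab, u32 secmark)
{
    ab->text[0] = '\0';
    if (secmark)
        audit_log_secctx(ab, secmark);
    return ab->text;
}
```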
