[PATCH 3rd revision] Add SELinux context support to AUDIT target

Mr Dash Four mr.dash.four at googlemail.com
Thu Jun 16 08:36:21 UTC 2011


>>> #ifdef CONFIG_NF_CONNTRACK_SECMARK
>>>   if (skb->secmark)
>>>           audit_log_secctx(ab, skb->secmark);
>>> #endif
>>>
>>> Thus, discarding the result (rc), unless we are interested in the error
>>> code, which I don't think is the case here. Would everyone be happy
>>> with this?
>>>
>>
>> Actually just make it a void function as I don't think anyone
>> would/could/should make use of the return value.
>>   
> In other words (audit.c) - N.B. the change from "subj" to "obj" as per 
> Steve's suggestion a while ago:
>
> void audit_log_secctx(struct audit_buffer *ab, u32 secid)
> {
>    u32 len;
>    char *ctx;
>
>    /* security_secid_to_secctx() returns non-zero on failure */
>    if (security_secid_to_secctx(secid, &ctx, &len)) {
>        audit_panic("Cannot convert secid to context");
>    } else {
>        audit_log_format(ab, " obj=%s", ctx);
>        security_release_secctx(ctx, len);
>    }
> }
>
> And xt_AUDIT.c stays as per my suggestion above. Should I assume that 
> gets the "go" from everyone concerned?
If there are no objections, I'll resubmit the patch at the weekend with 
the above functionality implemented.



