[PATCH 4th revision] Add SELinux context support to AUDIT target
Steve Grubb
sgrubb at redhat.com
Mon Jun 20 12:20:22 UTC 2011
On Saturday, June 18, 2011 08:08:05 AM Mr Dash Four wrote:
> +#ifdef CONFIG_SECURITY
> +/**
> + * audit_log_secctx - Converts and logs SELinux context
> + * @ab: audit_buffer
> + * @secid: security number
> + *
> + * This is a helper function that calls security_secid_to_secctx to
> convert secid to secctx + * and then adds the (converted) SELinux context
> to the audit log + * by calling audit_log_format, thus also preventing
> leak of internal secid to userspace. + * If secid cannot be converted
> audit_panic is called.
> + */
> +void audit_log_secctx(struct audit_buffer *ab, u32 secid)
> +{
> + u32 len;
> + char *secctx;
> +
> + if (security_secid_to_secctx(secid, &secctx, &len)) {
> + audit_panic("Cannot convert secid to context");
> + } else {
> + audit_log_format(ab, " obj=%s", secctx);
> + security_release_secctx(secctx, len);
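Review bot: the failure branch only calls audit_panic and writes nothing into the buffer, so when security_secid_to_secctx fails the event simply has no obj= field, and unless audit_failure is set to panic a log consumer cannot tell "no label" from "conversion failed"; consider emitting a placeholder (e.g. `audit_log_format(ab, " obj=?");`) before the audit_panic call so the record still carries the field. Since the key " obj=" is hardcoded, the name audit_log_secctx does not say which record field it writes; either name the function after the field or take the key as a parameter so call sites are self-documenting. The kernel-doc entry `@ab: audit_buffer` only restates the type; describe it as the record being built.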
Eric,
Do you think this should be hardcoded to be obj? Would we ever log the subj? Or should
obj be part of the function name to make it clear which piece is getting logged?
-Steve