[PATCH ghak122 v1] audit: store event sockaddr in case of no rules
Casey Schaufler
casey at schaufler-ca.com
Tue Jul 14 00:28:22 UTC 2020
On 7/13/2020 5:11 PM, Paul Moore wrote:
> On Mon, Jul 13, 2020 at 7:09 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
>> ... but it does appear that I could switch to using your audit_alloc_local().
> In my opinion, linking the audit container ID and LSM stacking
> patchsets would seem like a very big mistake, especially since the
> consolidation you are describing could be done after the fact without
> any disruption to the kernel/userspace interface. I would strongly
> encourage both patchsets to remain self-contained if at all possible
> so as to not jeopardize each other.
Whatever helps the review/ack process best works for me. I will leave
audit_stamp_context() as is unless there is other feedback that leads
it to be changed.
More information about the Linux-audit
mailing list