On Friday 22 July 2005 13:46, David Woodhouse wrote:
> Steve had some comments to make, I think, but he's at OLS without a laptop
> so that may be delayed...

This is true. There are some bugs in the patch. However, we really haven't
discussed what the design will look like going forward in LSPP, so this is a
little premature.

I want to spend a little time drafting up what we need to do and the order in
which we integrate the pieces. Another thing that I insist on in the next
round of development is to have a config file for LSPP *before* we start
coding. I want to make sure that we all agree on how the config looks and
that it can truly do the job instead of waiting until the end of development
and seeing if we can do what we intended.

For example, in the current CAPP system, there is a serious problem pointed
out by Amy. The problem is that some architectures have socketcall and others
do not. This means that there is the possibility that we have to have per
arch config files. The solution, I believe, is to make auditctl not load
rules for invalid arches. This way one script can be written and auditctl
will be smarter about what it sends to the kernel.

-Steve