Re: [RFC][PATCH] collect security labels on user processes generating audit messages

Thursday, 9 February 2006

On Thu, 9 Feb 2006, Timothy R. Chavez wrote:

...
 > Please look at the way I intend to export SELinux APIs in:
 >
http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-seli...

 This looks good.  Do you have a schedule for releasing this? 
No, it's blocked on some core netfilter changes.  I suggest following its 
format, though, if needed.

...
 > I wonder if it might be better to use the security context
directly.
 >

 I think it'd be the simplest solution, but I was a bit weary about
 adding a string param... I thought using an integer might be the path of
 least resistance :) 
As previousl mentioned, also consider adding a security blob to the 
netlink params.

...
 > security_task_getsid() doesn't exist.
 > 
 > You created security_task_getsecurity(), which retrieves the security
 > context.

 Actually, security_task_getsid() does exist (or did exist last time I
 updated the viro/audit-2.6 git tree).

 http://www.promethos.org/lxr/http/ident?i=security_task_getsid 
Oh, ok.

Where is security_task_getsecurity() used, then?

- James
-- 
James Morris
<jmorris(a)namei.org&gt;

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [RFC][PATCH] collect security labels on user processes generating audit messages