On Thu, 2006-02-23 at 17:31 -0600, Darrel Goeddel wrote:
> Stephen Smalley wrote:
> > On Tue, 2006-02-21 at 17:59 -0600, Darrel Goeddel wrote:
> >
> >>The updated version of Dustin's patch I referred to is below. The changes
> >>are as follows:
> >>
> >>- printk a warning and ignore invalid selinux rules (but still hang on to them
> >> so they may be activated with a later policy reload).
> >
> >
> > Should this be a printk or an audit_log call?
>
> Steve G had suggested syslogging it, so I went with the printk. What would
> be more noticeable?

Anything user-triggerable should likely be using audit_log. Internal
kernel errors reflecting a bug within the kernel might still use
printk(KERN_ERR...). But I think we want to migrate SELinux and audit
over to using audit_log whenever possible, only using printk as the
fallback for things like audit_panic, no audit daemon, etc.
--
Stephen Smalley
National Security Agency