Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext

Thursday, 28 July 2005

On Thursday 28 July 2005 09:49, Steve Grubb wrote:
...
 On Monday 25 July 2005 14:28, Dustin Kirkland wrote:
 > Bugs in the patch?  I don't doubt you, I'm just curious...  Can you
 > cite?

 Another issue...the patch is too eager to call audit_panic(). It is more 
 correct to fail the syscall and let the app handle failure than bring the 
 machine to its knees.

 -Steve 
But audit_panic() doesn't just panic the system or it doesn't have to at 
least.  You're able to set the 'audit_failure' such that when audit_panic() 
is called it can fail silently, print to syslog, or panic the system.

-tim

...

 --
 Linux-audit mailing list
 Linux-audit(a)redhat.com
 http://www.redhat.com/mailman/listinfo/linux-audit

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext