On 6/5/20 1:49 PM, Paul Moore wrote:
> Since a pr_xyz() call was already present, I just wanted to change the
> log level to keep the code change to the minimum. But if audit log is
> the right approach for this case, I'll update.
Generally we reserve audit for things that are required for various
security certifications and/or "security relevant". From what you
mentioned above, it seems like this would fall into the second
category if not the first.
Looking at your patch it doesn't look like you are trying to record
anything special so you may be able to use the existing
integrity_audit_msg(...) helper. Of course then the question comes
down to the audit record type (the audit_msgno argument), the
operation (op), and the comm/cause (cause).
Do you feel that any of the existing audit record types are a good fit for this?
Maybe I can use the audit_msgno "AUDIT_INTEGRITY_PCR" with appropriate
strings for "op" and "cause".
Mimi - please let me know if you think this audit_msgno would be ok to
use. I see this code used, for instance, for boot aggregate measurement.
integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
audit_cause, result, 0);
thanks,
-lakshmi