On 6/8/2011 7:49 AM, Steve Grubb wrote:
On Tuesday, June 07, 2011 06:32:35 AM Mr Dash Four wrote:
> Add SELinux context support to AUDIT target - 3rd revision (style-type
> changes made *only* since 2nd revision of this patch). Typical (raw
> auditd) output after applying this patch would be:
<snip>
> @@ -163,6 +170,15 @@ audit_tg(struct sk_buff *skb, const struct
> xt_action_param *par) break;
> }
>
> +#ifdef CONFIG_NF_CONNTRACK_SECMARK
> + if (skb->secmark) {
> + if (!security_secid_to_secctx(skb->secmark, &secctx, &len)) {
> + audit_log_format(ab, " obj=%s", secctx);
> + security_release_secctx(secctx, len);
> + }
else
audit_log_format(ab, " osid=%u", skb->secmark);
_All_ audit code records the number on a failed conversion.
But it really shouldn't. An unconvertible secid is indicative
of a serious, unrecoverable failure within the LSM. It's every
bit as bad as an invalid pointer.
-Steve
> + }
> +#endif
> +
> audit_log_end(ab);
>
> errout:
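Review bot: the failure path of security_secid_to_secctx() in this hunk is silent, so a record for a packet whose secmark could not be converted looks exactly like a record for a packet with no secmark at all (no obj= field in either case), which hides a failure that the rest of the thread treats as serious; whichever policy is chosen, make it explicit in the code rather than falling through, e.g. `else audit_log_format(ab, " osid=%u", skb->secmark);` as proposed in the reply, or a warning on the failure branch if the raw number is not to be logged. The declarations of `secctx` and `len` are outside the visible lines (the header's +7 line shift suggests earlier additions in the file), so please confirm they are `char *` and `u32` respectively to match the security_release_secctx(secctx, len) call.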
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit