Re: [PATCH 2nd revision] Add SELinux context support to AUDIT target
On Monday, June 06, 2011 08:25:56 AM Mr Dash Four wrote:
> Normally there would be an else here to do something like
> audit_log_format(ab, " osid=%u", skb->secmark);
> so that its recorded numerically if the context could not be looked up.
I disagree! That approach was dropped long ago when the secctx was first
introduced to prevent kernel information leaking into userspace (Eric
would know more about this as he designed that aspect of it a couple of
months ago).
This is not any more leak than leaking the context string to user space as this patch
attempts to do. The rest of the audit code does log the numeric representation when
text fails.
-Steve