Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext

On Tue, 2005-08-30 at 10:18 -0500, Dustin Kirkland wrote: I think we need to think through how this would work. There are multiple options, e.g. 1) Only audit-related interfaces for storing audit context information that are called during syscall processing prior to any user-visible state changes will handle failures in this manner. Those functions will _not_ call audit_panic and will return an error to the caller, and those errors need to be propagated back to userspace. It may be desirable to have these functions log a warning (via printk) prior to returning the error so that there is also a record of the issue for perusal by an admin. This should likely be configurable via auditctl. 2) All audit interfaces and functions will be reworked down to the audit_panic level, with audit_panic changed to return a value and internally changed to check new audit_failure flags to see whether it should return an error or just 0, and if returning an error, whether it should return the error silently or also log a message via printk. All call chains leading to audit_panic will then be changed to propagate errors from it upward to the original caller. -- Stephen Smalley National Security Agency