Re: [PATCH] IPC_SET_PERM cleanup
Steve Grubb wrote:
On Friday 05 May 2006 16:19, Linda Knippers wrote:
>- if (axi->osid != 0) {
>- char *ctx = NULL;
>- u32 len;
>- if (selinux_ctxid_to_string(
>- axi->osid, &ctx, &len)) {
>- audit_log_format(ab, " osid=%u",
>- axi->osid);
>- call_panic = 1;
>- } else
>- audit_log_format(ab, " obj=%s",
>ctx); - kfree(ctx);
>- }
This patch deletes the context string out of this record. Are we losing
anything important?
I don't think so. I don't think the IPC_SET operations change the sid
(at least I don't see it in the code) so its redundant with the obj information
that's in the IPC record. If I'm missing it, I hope someone will point
it out to me.
If an IPC_SET can change the sid, then we'll have to move all the calls
to audit_ipc_set_perm() so that we get the new obj information in the
success case and don't lose the entire record in the failure case.
-- ljk