Re: [PATCH] Rework of IPC auditing
On Fri, Mar 10, 2006 at 01:25:19PM -0600, Dustin Kirkland wrote:
The audit_ipc_new_perm() function is called any time the permissions
on
the ipc object changes. In this case, the NEW permissions are recorded
(and note that an audit_ipc_obj() call exists just a few lines before
each instance).
Thanks, this resolves my issue with the ambiguity around the perm
fields.
I think at this point this patch is ready for inclusion in our LSPP
kernels and some testing.
Yes, my only question is whether we will see any duplicate AUDIT_IPC
records for a given operation. I haven't followed all the code paths
to see whether this would happen or not.
I have a couple of questions that remain:
- I'd like to run these changes carefully by someone very familiar with
the Linux ipc code. There are some strange nuances between msg.c,
sem.c, and shm.c that I'd like to make sure are interpreted correctly.
Al, is this your area?
You might try Manfred Spraul or Alan Cox.
- There are a couple of warnings that have been in the ipc
compilations
for some time now about possibly using setbuf.* before initialization.
I'm wondering if anyone thinks these compiler warnings are founded and
if anyone has suggestions to silence them?
I don't see those warnings in my build.
Regards,
Amy