Re: [PATCH] selinux: print leading 0x on ioctlcmd audits

On Thu, Jul 14, 2016 at 4:18 PM, William Roberts wrote: > On Thu, Jul 14, 2016 at 3:17 PM, Paul Moore <paul(a)paul-moore.com&gt; wrote: >> On Thu, Jul 14, 2016 at 3:29 PM, <william.c.roberts(a)intel.com&gt; wrote: >> > From: William Roberts <william.c.roberts(a)intel.com&gt; >> > >> > ioctlcmd is currently printing hex numbers, but their is no leading >> > 0x. Thus things like ioctlcmd=1234 are misleading, as the base is >> > not evident. >> > >> > Correct this by adding 0x as a prefix, so ioctlcmd=1234 becomes >> > ioctlcmd=0x1234. >> > >> > Signed-off-by: William Roberts <william.c.roberts(a)intel.com&gt; >> > --- >> > security/lsm_audit.c | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> >> NOTE: adding Steve Grubb and the audit mailing list to the CC line >> >> Like it or not, I believe the general standard/convention when it >> comes to things like this is to leave off the "0x" prefix; the idea >> being that is saves precious space in the audit logs and the value is >> only ever going to be in hex anyway. > > Is it always in hex, what about pid? Outside of escaped untrusted input ...