> Right, so the function you suggested yesterday (audit_log_secctx)
> should be added in audit.c in its entirety, and xt_AUDIT.c should
> just have something like:
>
> #ifdef CONFIG_NF_CONNTRACK_SECMARK
>         if (skb->secmark)
>                 audit_log_secctx(ab, skb->secmark);
> #endif
>
> Thus, discarding the result (rc), unless we are interested in the error
> code, which I don't think is the case here. Would everyone be happy with
> this?
>
Actually, just make it a void function, as I don't think anyone
would/could/should make use of the return value.

In other words (audit.c) - N.B. the change from "subj" to "obj" as per
Steve's suggestion a while ago:
/* Append the object security context for @secid to the audit record @ab.
 * Conversion failure is reported through audit_panic(); nothing is returned. */
void audit_log_secctx(struct audit_buffer *ab, u32 secid)
{
        u32 len;
        char *ctx;

        if (security_secid_to_secctx(secid, &ctx, &len)) {
                audit_panic("Cannot convert secid to context");
        } else {
                audit_log_format(ab, " obj=%s", ctx);
                /* ctx was allocated by the LSM; hand it back once logged */
                security_release_secctx(ctx, len);
        }
}
And xt_AUDIT.c stays as per my suggestion above. Should I assume that
gets the "go" from everyone concerned?