Re: [PATCH 3rd revision] Add SELinux context support to AUDIT target
On Tuesday, June 07, 2011 06:32:35 AM Mr Dash Four wrote:
Add SELinux context support to AUDIT target - 3rd revision
(style-type
changes made *only* since 2nd revision of this patch). Typical (raw
auditd) output after applying this patch would be:
<snip>
@@ -163,6 +170,15 @@ audit_tg(struct sk_buff *skb, const struct
xt_action_param *par) break;
}
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+ if (skb->secmark) {
+ if (!security_secid_to_secctx(skb->secmark, &secctx, &len)) {
+ audit_log_format(ab, " obj=%s", secctx);
+ security_release_secctx(secctx, len);
+ }
else
audit_log_format(ab, " osid=%u", skb->secmark);
_All_ audit code records the number on a failed conversion.
-Steve
+ }
+#endif
+
audit_log_end(ab);
errout: