Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext
On Tue, Aug 30, 2005 at 01:43:20PM -0500, Timothy R. Chavez wrote:
But that's just it, if you're not careful when issueing a
panic, there _is_ a
potential of record lossage. Take for instance this case:
We're in context of a "mkdir()" system call. We've determined that
this inode is watched, so then we allocate audit_aux_data memory
for it to place on the audit context. The only problem is that we fail
this memory allocation. Since the inode has already been created,
if we panic the system, there will be no record of the transaction.
This situation could be avoided in the current implementation by
making use of the 20 statically allocated audit_names structs included
in the audit_context.
Amy