On Wednesday 27 August 2008 12:04:26 Matt Anderson wrote:
> On Tue, Aug 26, 2008 at 04:08:35PM -0400, Steve Grubb wrote:
> > On Tuesday 26 August 2008 15:55:51 Stephen Smalley wrote:
> > > So if you want the code to work with either, you'd directly
> > > read /proc/pid/attr/current and display the resulting string.  If you
> > > want to be SELinux-specific and include functionality like MLS label
> > > translation, you'd use getpidcon(3).
> >
> > Thanks, that's very helpful. I think we want the raw data and then do
> > context translations later in the parsing library if someone asks for it.
>
> Can we be sure the delayed translation will be correct?

I don't plan to add translations any time soon. We also don't have time to do
a translation while logging. So, we will just have raw data for a while.

> It seems to me that by then the policy or the translation could have changed
> and although you may have an audit of that event you wouldn't necessarily be
> able to reconstruct the context that should appear in the log.

True and something that will need to be worked around.
-Steve
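
The raw-data approach discussed in this thread, as an added C example (not code from the thread or from the audit project): it reads the label directly from /proc/pid/attr/current, as Stephen Smalley describes, and stores it untranslated so any translation can happen later at parse time. The `ctx=` key, the hex-escaping rule and the buffer sizes are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Read an LSM label file (on Linux: /proc/<pid>/attr/current) and keep the
 * string as the kernel returned it, minus a trailing NUL or newline: no policy
 * lookup, no MLS translation. Returns the length, or -1 on failure. */
int read_raw_context(const char *path, char *buf, size_t buflen)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, buflen, f);
    int failed = ferror(f);      /* the read itself can fail, e.g. no LSM loaded */
    fclose(f);
    if (failed || n >= buflen)   /* full buffer: the label may have been cut */
        return -1;
    while (n > 0 && (buf[n - 1] == '\0' || buf[n - 1] == '\n'))
        n--;
    buf[n] = '\0';
    return (int)n;
}

/* Build "ctx=<label>" ("ctx" is a hypothetical key). A label containing spaces,
 * quotes or control bytes is hex-encoded so it cannot split or forge fields. */
int format_ctx_field(const char *label, char *out, size_t outlen)
{
    size_t len = strlen(label);
    int plain = 1;
    for (size_t i = 0; i < len; i++)
        plain &= label[i] > ' ' && label[i] < 0x7f && label[i] != '"';
    if (4 + (plain ? len : 2 * len) + 1 > outlen)
        return -1;               /* out is too small */
    char *p = out + sprintf(out, "ctx=");
    if (plain)
        strcpy(p, label);
    else
        for (size_t i = 0; i < len; i++)
            p += sprintf(p, "%02X", (unsigned)(unsigned char)label[i]);
    return 0;
}

int main(void)
{
    char label[256], field[520];
    if (read_raw_context("/proc/self/attr/current", label, sizeof label) < 0)
        return 1;                /* no label available for this process */
    return format_ctx_field(label, field, sizeof field) < 0 || puts(field) < 0;
}
```

Because the record holds only the raw string, a reader who translates it later sees whatever the translation rules are at that time, which is the concern Matt Anderson raises above.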