Re: [RFC][PATCH] collect security labels on user processes generating audit messages
On Thu, 2006-02-09 at 10:15 -0500, James Morris wrote:
On Thu, 9 Feb 2006, James Morris wrote:
> You also need to verify the policy serial number.
>
> I wonder if it might be better to use the security context directly.
Also consider adding a security field to netlink messages, to managed by
the LSM.
A generic security blob would require full lifecycle maintenance,
including the old sk hooks that were rejected for 2.5. I also think it
is a mistake to generalize the audit system's use of SELinux, as I don't
think that any other LSM is likely to provide LSPP functionality, so we
might as well just convert all of these audit-SELinux interfaces into
direct SELinux calls IMHO. At least in the long term if not
immediately.
--
Stephen Smalley
National Security Agency