On Fri, Feb 17, 2006 at 12:08:11AM -0600, Dustin Kirkland wrote:
Amy: In audit_data_to_entry(), you're using an effectively
temporary
char *path. I, too, needed a temporary string pointer, so I declared
char *str and replaced your couple of instances of path with str. Let
me know if this is ok by you. I couldn't very well call my temp string
"path". And it didn't make much sense to me to declare another throwaway
pointer.
Looks fine.
There's a little code duplication with the audit_unpack_string
too.
In order to eliminate that, we'd need something that ties the
AUDIT_SE_* and AUDIT_WATCH fields together as string fields. Given
that it's only four lines and only duplicated once, it might not be
worth it at this point. But if it's an indication we would want
userspace to provide, then we need to add it now.
One last point... This patch only covers matching on process
context.
You'll also need to add helpers for the new AUDIT_SE_* fields to be
used for rule listing and rule comparison.
Regards,
Amy