Re: audit-ptrace patch (untested)
Alexander Viro wrote: [Mon Mar 12 2007, 08:20:55AM EDT]
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3599558..f489fed 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
<snip>
+void __audit_ptrace(struct task_struct *t)
+{
+ struct audit_context *context = current->audit_context;
+ unsigned len;
+ u32 sid;
+
+ context->target_pid = t->pid;
+
+ selinux_get_task_sid(t, &sid);
+ if (sid)
+ selinux_sid_to_string(sid, &context->obj_ctx, &len);
+}
Why did you choose to do the sid to string conversion at collection
time, rather than waiting for audit_log_exit? In other code like this
we've been delaying the memory alloc until logging, in case we never
need it.
Amy