On Monday, June 06, 2011 07:22:43 PM Pablo Neira Ayuso wrote:
> On 06/06/11 15:10, Mr Dash Four wrote:
> >> Exactly my point. There is no leak if it's text or numeric.
> >
> > No, there is no leak if it is a text, but there *is* a leak if it is a
> > numeric. I think I've made that quite clear.
> We don't use numeric secmark anymore in nf_conntrack. Not very familiar
> with SELinux, but I remember that the convention was not to provide
> internal numeric values.
All of the audit system records the numbers if conversion fails. We want it as
forensic evidence or troubleshooting information as the case may be.
-Steve