On Fri, Aug 30, 2013 at 01:37:09PM -0700, John Johansen wrote:
> On 08/30/2013 12:56 PM, Richard Guy Briggs wrote:
>> On Tue, Aug 27, 2013 at 07:21:55PM +0200, Oleg Nesterov wrote:
>>> On 08/20, Richard Guy Briggs wrote:
>> Most of the instances are current, but the one called from apparmor is
>> stored. I've just learned that this is bad and someone else just chimed
>> in that they have a patch to remove it...
>
> The apparmor case isn't actually stored long term. The stored task will be
> a parameter that was passed into an lsm hook and the buffer that it is
> stored in dies before the hook is done. It's temporarily stored in the
> struct so that it can be passed into the lsm_audit fn, and printed into an
> allocated audit buffer. The text version in the audit buffer is what will
> exist beyond the hook.
>
> There are three patches, I'll reply with them below once I have finished rebasing
> them to apply to the current tree instead of my dev tree.

John, thanks for this context and fix. That helps simplify things.
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer
Kernel Security
AMER ENG Base Operating Systems
Remote, Ottawa, Canada
Voice: +1.647.777.2635
Internal: (81) 32635
Alt: +1.613.693.0684x3545