Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext

Thursday, 28 July 2005

On Thursday 28 July 2005 14:13, Steve Grubb wrote:
...
 On Thursday 28 July 2005 14:48, Timothy R. Chavez wrote:
 > How does it "retry"?

 If there is no memory, the operation should fail.

 > If you do "mkdir /tmp/foo" and "foo" is being watched 
 > and we failed to allocate the memory to place on the audit context, "foo"
 > gets created and no record is generated.

 mkdir should return -ENOMEM and the dir should not be created. You can't let 
 the directory be created if the intention was to watch for that and you can't 
 record the requested event. The user should see the operation failed and try 
 to make the directory again.

To do this we'd need two hooks.  One to allocate the watch info for the context
before the creation of the inode and then one to fill it out upon success or
free it on failure.  Or, we can just use audit_panic :)

-tim

...
 -Steve

 --
 Linux-audit mailing list
 Linux-audit(a)redhat.com
 http://www.redhat.com/mailman/listinfo/linux-audit

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext