Re: audit 1.2.7 released
On Tue, 2006-09-19 at 17:05 -0400, Amy Griffis wrote:
Steve Grubb wrote: [Mon Sep 18 2006, 08:13:40PM EDT]
> Please let me know if there are any problems with this release.
I'm seeing some truncated audit records, e.g.
type=DAEMON_END msg=audit(1158669003.740:6165) auditd normal halt,
sending auid=1001 pid=32268 subj=user_u:system_r:initrc_t:s0 res=suc
which should continue with something like
cess, auditd pid=6785
There are some static buffer sizes in auditd.c that look way too small
given that libselinux defines the max context size as
#define DEFAULT_CONTEXT_SIZE 255
I think this is an existing problem, and not new to 1.2.7.
SELinux userland code isn't supposed to assume any fixed max.
libselinux does use an initial buffer size as a starting point when
calling e.g. getxattr, but will resize the buffer to a larger size if
necessary.
--
Stephen Smalley
National Security Agency