Re: [PATCH] improved xfrm_audit_log() patch
From: Joy Latten <latten(a)austin.ibm.com>
Date: Thu, 23 Aug 2007 12:15:10 -0500
For example, when auditing the addition of a policy, either
xfrm_user_audit_policy_add(xp, result, skb) or
pfkey_audit_policy_add(xp, result) will get called.
I need two because xfrm_user gets loginuid/secid from netlink/skb
and pfkey gets it from audit_get_loginuid().
Each will setup and format audit buffer according
to what they want.
Also, for deleting, there will be pfkey_audit_policy_delete(xp, result)
and xfrm_user_audit_policy_delete(xp, result, skb).
This sounds great.
How cheap is the "auditing enabled" test? Perhaps it can
be even inlined into the xfrm audit hooks.