suspending a process when audit resource are not available

[Chris Wright]

* Mounir Bsaibes (bsaibes at us.ibm.com) wrote:
> One of the CAPP requirements and probably the LSPP as well is when audit 
> records cannot be generated, for a particular process, the process need to 
> be halted. the current audit system, depending on the failure flag can 
> either, 1) do nothing 2) print a kernel message or 3) issue a panic. I am 
> thinking of adding a 4) option for the failure flag  to suspend the 
> process. If the failure flag is set to "suspend" and the audit_log_lost 
> function is called the process will be suspended  by issuing a sigsuspend 
> call.

This adds a requirement to the calling location, namely that it can
sleep.  I don't think that requirement is safe without some code
auditing.  Also, I don't recall that all audit_log_lost callers are in
the relevant context.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net