[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext



On Tue, 2005-08-30 at 10:18 -0500, Dustin Kirkland wrote:
> Ok, then anyone who disagrees with failing the syscall speak up now...
> If this is the preferred operation, please say so.

I think we need to think through how this would work.  There are
multiple options, e.g.
1) Only audit-related interfaces for storing audit context information
that are called during syscall processing prior to any user-visible
state changes will handle failures in this manner.  Those functions will
_not_ call audit_panic and will return an error to the caller, and those
errors need to be propagated back to userspace.  It may be desirable to
have these functions log a warning (via printk) prior to returning the
error so that there is also a record of the issue for perusal by an
admin.  This should likely be configurable via auditctl.
2) All audit interfaces and functions will be reworked down to the
audit_panic level, with audit_panic changed to return a value and
internally changed to check new audit_failure flags to see whether it
should return an error or just 0, and if returning an error, whether it
should return the error silently or also log a message via printk.  All
call chains leading to audit_panic will then be changed to propagate
errors from it upward to the original caller.
   
-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]