
Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext



On Tue, Aug 30, 2005 at 01:43:20PM -0500, Timothy R. Chavez wrote:
> But that's just it, if you're not careful when issuing a panic, there _is_ a
> potential of record lossage.  Take for instance this case:
> 
> 	We're in context of a "mkdir()" system call.  We've determined that
> 	this inode is watched, so then we allocate audit_aux_data memory
> 	for it to place on the audit context.  The only problem is that we fail
> 	this memory allocation.  Since the inode has already been created,
> 	if we panic the system, there will be no record of the transaction.

This situation could be avoided in the current implementation by
making use of the 20 statically allocated audit_names structs included
in the audit_context.

Amy

