[PATCH] LSPP audit enablement: storing selinux ocontext and scontext
Timothy R. Chavez
tinytim at us.ibm.com
Thu Jul 28 15:27:39 UTC 2005
On Thursday 28 July 2005 09:49, Steve Grubb wrote:
> On Monday 25 July 2005 14:28, Dustin Kirkland wrote:
> > Bugs in the patch? I don't doubt you, I'm just curious... Can you
> > cite?
>
> Another issue...the patch is too eager to call audit_panic(). It is more
> correct to fail the syscall and let the app handle failure than bring the
> machine to its knees.
>
> -Steve
But audit_panic() doesn't just panic the system or it doesn't have to at
least. You're able to set the 'audit_failure' such that when audit_panic()
is called it can fail silently, print to syslog, or panic the system.
-tim
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
>
>
More information about the Linux-audit
mailing list