[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext



On Fri, Oct 07, 2005 at 01:24:13PM -0500, Dustin Kirkland wrote:
> I'm addressing Amy's concerns and attaching an updated patch with the
> editions discussed inline.

In an IRC discussion about IPC object audit today, Chris Wright mentioned
that he's concerned about multiple or missing records and also general
code aesthetics.

I'm not very familiar with the code, but I think it may be an option to
put the hooks in the *_checkid() and *get() functions instead of hooking
ipcperm(), those seem to be used more consistently. It would mean a
minimal slowdown in non-permission-checking calls as a tradeoff for
a cleaner interface, assuming that this would indeed get rid of
duplication.

-Klaus


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]