[RFC][PATCH] collect security labels on user processes generating audit messages
Stephen Smalley
sds at tycho.nsa.gov
Thu Feb 9 17:43:55 UTC 2006
On Thu, 2006-02-09 at 10:15 -0500, James Morris wrote:
> On Thu, 9 Feb 2006, James Morris wrote:
>
> > You also need to verify the policy serial number.
> >
> > I wonder if it might be better to use the security context directly.
>
> Also consider adding a security field to netlink messages, to managed by
> the LSM.
A generic security blob would require full lifecycle maintenance,
including the old sk hooks that were rejected for 2.5. I also think it
is a mistake to generalize the audit system's use of SELinux, as I don't
think that any other LSM is likely to provide LSPP functionality, so we
might as well just convert all of these audit-SELinux interfaces into
direct SELinux calls IMHO. At least in the long term if not
immediately.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list