[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] collect security labels on user processes generating audit messages

On Thu, 9 Feb 2006, Timothy R. Chavez wrote:

> > Please look at the way I intend to export SELinux APIs in:
> > http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-selinux-exports.patch
> This looks good.  Do you have a schedule for releasing this?

No, it's blocked on some core netfilter changes.  I suggest following its 
format, though, if needed.

> > I wonder if it might be better to use the security context directly.
> >
> I think it'd be the simplest solution, but I was a bit weary about
> adding a string param... I thought using an integer might be the path of
> least resistance :)

As previousl mentioned, also consider adding a security blob to the 
netlink params.

> > security_task_getsid() doesn't exist.
> > 
> > You created security_task_getsecurity(), which retrieves the security
> > context.
> Actually, security_task_getsid() does exist (or did exist last time I
> updated the viro/audit-2.6 git tree).
> http://www.promethos.org/lxr/http/ident?i=security_task_getsid

Oh, ok.

Where is security_task_getsecurity() used, then?

- James
James Morris
<jmorris namei org>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]