[RFC][PATCH] collect security labels on user processes generating audit messages
Stephen Smalley
sds at tycho.nsa.gov
Wed Feb 15 16:38:08 UTC 2006
On Wed, 2006-02-15 at 10:41 -0600, Timothy R. Chavez wrote:
> On Wed, 2006-02-15 at 11:17 -0500, Stephen Smalley wrote:
> > On Wed, 2006-02-15 at 09:49 -0600, Timothy R. Chavez wrote:
> > > This makes sense to me. I'll go ahead and make the change. I wouldn't
> > > even technically need the function or function call in my patch since
> > > selinux_available() simply returns ss_initialized.
> >
> > Well, I think we want to keep that variable private to the SELinux
> > "module". In the future, we'll likely add proper namespace prefixes to
> > all non-static SELinux symbols to avoid polluting the kernel namespace.
> >
>
> I think maybe I miscommunicated my intentions. If I move the check to
> determine whether or not SELinux is enabled into selinux_id_to_ctx(),
> then I can simply use ss_initialized directly rather then calling
> selinux_available(), as I'll be making the check within the SELinux
> "module" (selinux/exports.c).
Ah, ok - no problem then.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list