[RFC][PATCH] collect security labels on user processes generating audit messages

[Stephen Smalley]

On Wed, 2006-02-15 at 12:38 -0600, Timothy R. Chavez wrote:
> A clumsy way of doing it would be to encode the file name "(null)" in
> hex.  If it shows up at "(null)" in the log, then we know we meant NULL.

Yes, audit_log_untrustedstring could check for the <NULL> string or
whatever is used.  But Steve indicated that file names are already being
quoted, so they can be distinguished as is.

-- 
Stephen Smalley
National Security Agency