[RFC][PATCH] collect security labels on user processes generating audit messages
Stephen Smalley
sds at tycho.nsa.gov
Wed Feb 15 20:06:24 UTC 2006
On Wed, 2006-02-15 at 12:38 -0600, Timothy R. Chavez wrote:
> A clumsy way of doing it would be to encode the file name "(null)" in
> hex. If it shows up at "(null)" in the log, then we know we meant NULL.
Yes, audit_log_untrustedstring could check for the <NULL> string or
whatever is used. But Steve indicated that file names are already being
quoted, so they can be distinguished as is.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list