[PATCH 1/2] SELinux Context Label based audit filtering
Amy Griffis
amy.griffis at hp.com
Fri Feb 17 17:43:25 UTC 2006
On Fri, Feb 17, 2006 at 12:08:11AM -0600, Dustin Kirkland wrote:
> Amy: In audit_data_to_entry(), you're using an effectively temporary
> char *path. I, too, needed a temporary string pointer, so I declared
> char *str and replaced your couple of instances of path with str. Let
> me know if this is ok by you. I couldn't very well call my temp string
> "path". And it didn't make much sense to me to declare another throwaway
> pointer.
Looks fine.
> There's a little code duplication with the audit_unpack_string too.
In order to eliminate that, we'd need something that ties the
AUDIT_SE_* and AUDIT_WATCH fields together as string fields. Given
that it's only four lines and only duplicated once, it might not be
worth it at this point. But if it's an indication we would want
userspace to provide, then we need to add it now.
> One last point... This patch only covers matching on process context.
You'll also need to add helpers for the new AUDIT_SE_* fields to be
used for rule listing and rule comparison.
Regards,
Amy
More information about the Linux-audit
mailing list