[RFC][PATCH] collect security labels on user processes generating audit messages

Timothy R. Chavez tinytim at us.ibm.com
Wed Feb 22 17:14:38 UTC 2006


On Wed, 2006-02-22 at 09:21 -0500, Stephen Smalley wrote:
<snip>
> 
> > +u32 selinux_task_getsecid(struct task_struct *tsk)
> > +{
> > +	u32 sid = 0;
> > +
> > +	if (ss_initialized)
> > +		sid = ((struct task_security_struct *)tsk->security)->sid;
> > +	
> > +	return sid;
> > +}
> 
> You don't strictly need to check ss_initialized in this function; all
> tasks are assigned the kernel SID until policy is loaded, so you can
> always access the SID.  As a matter of style, I'd prefer an explicit
> task_security_struct* local variable with separate assignment, i.e.
> 	struct task_security_struct *tsec = tsk->security;
> 	sid = tsec->sid;
> 

Ok.  That change will appear in the patch I post against Darrel's work
once it goes upstream.

-tim




More information about the Linux-audit mailing list