[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] context based audit filtering (take 3)



On Thu, 2006-02-23 at 17:31 -0600, Darrel Goeddel wrote:
> Stephen Smalley wrote:
> > On Tue, 2006-02-21 at 17:59 -0600, Darrel Goeddel wrote:
> > 
> >>The updated version of Dustin's patch I referred to is below.  The changes are
> >>are follows:
> >>
> >>- printk a warning and ignore invalid selinux rules (but still hang on to them
> >>  so they may be activated with a later policy reload).
> > 
> > 
> > Should this be a printk or an audit_log call?
> 
> Steve G had suggested syslogging it, so I went with the printk.  What would
> be more noticeable?

Anything user-triggerable should likely be using audit_log.  Internal
kernel errors reflecting a bug within the kernel might still use
printk(KERN_ERR...).  But I think we want to migrate SELinux and audit
over to using audit_log whenever possible, only using printk as the
fallback for things like audit_panic, no audit daemon, etc.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]