[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit-ptrace patch (untested)



Alexander Viro wrote:  [Mon Mar 12 2007, 08:20:55AM EDT]
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 3599558..f489fed 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
<snip>
> +void __audit_ptrace(struct task_struct *t)
> +{
> +	struct audit_context *context = current->audit_context;
> +	unsigned len;
> +	u32 sid;
> +
> +	context->target_pid = t->pid;
> +
> +	selinux_get_task_sid(t, &sid);
> +	if (sid)
> +		selinux_sid_to_string(sid, &context->obj_ctx, &len);
> +}

Why did you choose to do the sid to string conversion at collection
time, rather than waiting for audit_log_exit?  In other code like this
we've been delaying the memory alloc until logging, in case we never
need it.

Amy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]