audit-ptrace patch (untested)
Amy Griffis
amy.griffis at hp.com
Tue Mar 13 19:00:46 UTC 2007
Alexander Viro wrote: [Mon Mar 12 2007, 08:20:55AM EDT]
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 3599558..f489fed 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
<snip>
> +void __audit_ptrace(struct task_struct *t)
> +{
> + struct audit_context *context = current->audit_context;
> + unsigned len;
> + u32 sid;
> +
> + context->target_pid = t->pid;
> +
> + selinux_get_task_sid(t, &sid);
> + if (sid)
> + selinux_sid_to_string(sid, &context->obj_ctx, &len);
> +}
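Review bot: the return value of selinux_sid_to_string() is ignored in __audit_ptrace(), so a failed conversion goes unnoticed, and `len` is written but never read afterwards. Either check the return value here, or keep only the u32 sid in the audit context and do the string conversion, with its error handling, at the point where the record is actually logged. Separately, `context` is dereferenced at `context->target_pid = t->pid;` without a NULL check; the caller is not visible in this snippet, so confirm it only calls this function when current->audit_context is set.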
Why did you choose to do the sid to string conversion at collection
time, rather than waiting for audit_log_exit? In other code like this
we've been delaying the memory alloc until logging, in case we never
need it.
Amy