[PATCH 2nd revision] Add SELinux context support to AUDIT target

Mr Dash Four mr.dash.four at googlemail.com
Mon Jun 6 12:25:56 UTC 2011


> Normally there would be an else here to do something like
> audit_log_format(ab, " osid=%u", skb->secmark);
> so that its recorded numerically if the context could not be looked up.
>   
I disagree! That approach was dropped long ago when the secctx was first 
introduced to prevent kernel information leaking into userspace (Eric 
would know more about this as he designed that aspect of it a couple of 
months ago). So the secctx is either present (and retrievable!) or not 
present from the (xt_)audit point of view. For more information see 
net/netfilter/nf_conntrack_standalone.c in the current nf-next tree.

In other words, no else is necessary.
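To make the "present or absent, never numeric" rule concrete, here is an added userspace model of the two alternatives under discussion. It is not code from the patch or from the kernel tree; secid_to_secctx() is a hypothetical stand-in for the kernel's security_secid_to_secctx(), the secid-to-context table is constructed for the example, and the convention that secmark 0 means "unlabelled" is an assumption.

```c
/* Added example (not code from the patch or the kernel): a userspace
 * model of how an audit record should treat the SELinux context of a
 * packet: emit the context when it can be retrieved, emit nothing when
 * it cannot, and never fall back to the raw numeric secid.
 *
 * secid_to_secctx() is a hypothetical stand-in for the kernel's
 * security_secid_to_secctx(); the table below is constructed sample data.
 */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

struct secid_map {
    uint32_t secid;
    const char *ctx;
};

/* Constructed sample data standing in for the LSM's secid table. */
static const struct secid_map sample_map[] = {
    { 1, "system_u:object_r:httpd_packet_t:s0" },
    { 2, "system_u:object_r:ssh_server_packet_t:s0" },
};

/* Hypothetical stand-in for security_secid_to_secctx(): returns 0 and
 * sets *ctx on success, non-zero when the secid has no known context. */
static int secid_to_secctx(uint32_t secid, const char **ctx)
{
    size_t i;

    for (i = 0; i < sizeof(sample_map) / sizeof(sample_map[0]); i++) {
        if (sample_map[i].secid == secid) {
            *ctx = sample_map[i].ctx;
            return 0;
        }
    }
    return -1;
}

/* The form the reply argues for: append " obj=<context>" when the
 * context is retrievable and nothing at all otherwise.  There is no
 * else branch, so the raw secmark value never reaches the record.
 * Assumption: secmark 0 means the packet carries no label. */
int audit_log_secctx(uint32_t secmark, char *buf, size_t len)
{
    const char *ctx;

    if (secmark == 0 || secid_to_secctx(secmark, &ctx) != 0)
        return 0;                       /* nothing logged */
    return snprintf(buf, len, " obj=%s", ctx);
}

/* The rejected alternative from the quoted suggestion, for contrast:
 * it falls back to the numeric secid, exposing a kernel-internal
 * identifier to userspace whenever the lookup fails. */
int audit_log_secctx_numeric_fallback(uint32_t secmark, char *buf, size_t len)
{
    const char *ctx;

    if (secid_to_secctx(secmark, &ctx) == 0)
        return snprintf(buf, len, " obj=%s", ctx);
    return snprintf(buf, len, " osid=%u", secmark);
}

int main(void)
{
    char rec[128];
    uint32_t marks[] = { 1, 2, 42 };    /* 42 has no context in the table */
    size_t i;

    for (i = 0; i < sizeof(marks) / sizeof(marks[0]); i++) {
        rec[0] = '\0';
        audit_log_secctx(marks[i], rec, sizeof(rec));
        printf("secmark=%u ->%s\n", marks[i],
               rec[0] ? rec : " (no obj= field)");
    }
    return 0;
}
```

Running it shows secmark 1 and 2 producing an obj= field and secmark 42 producing no field at all; the same unknown secmark run through the fallback variant would have written " osid=42" into the record, which is exactly the leak the reply says the earlier design was changed to avoid.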
