[PATCH 2nd revision] Add SELinux context support to AUDIT target

Mr Dash Four mr.dash.four at googlemail.com
Mon Jun 6 12:42:15 UTC 2011


> This is not any more leak than leaking the context string to user space as this patch
> attempts to do. The rest of the audit code does log the numeric representation when
> text fails.
>
There is no "leak" when the secctx is recorded in the audit log - it is
supposed to be there, if present (and retrievable). As for exposing the
(internal) numerical representation of the secctx - this was discussed
previously and the approach you are suggesting was dropped. To quote
Eric on this very issue: "[It] exports the internal secid to userspace.
These are dynamic, can change on lsm changes, and have no meaning in
userspace. We should instead be sending lsm contexts to userspace instead."
