[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH 3rd revision] Add SELinux context support to AUDIT target



On 6/8/2011 7:49 AM, Steve Grubb wrote:
> On Tuesday, June 07, 2011 06:32:35 AM Mr Dash Four wrote:
>> Add SELinux context support to AUDIT target - 3rd revision (style-type
>> changes made *only* since 2nd revision of this patch). Typical (raw
>> auditd) output after applying this patch would be:
> <snip> 
>
>> @@ -163,6 +170,15 @@ audit_tg(struct sk_buff *skb, const struct
>> xt_action_param *par) break;
>>  	}
>>
>> +#ifdef CONFIG_NF_CONNTRACK_SECMARK
>> +	if (skb->secmark) {
>> +	  	if (!security_secid_to_secctx(skb->secmark, &secctx, &len)) {
>> +			audit_log_format(ab, " obj=%s", secctx);
>> +			security_release_secctx(secctx, len);
>> +		}
> else
> 	audit_log_format(ab, " osid=%u", skb->secmark);
>
> _All_  audit code records the number on a failed conversion.

But it really shouldn't. An unconvertible secid is indicative
of a serious, unrecoverable failure within the LSM. It's every
bit as bad as an invalid pointer.

> -Steve
>
>
>> +	}
>> +#endif
>> +
>>  	audit_log_end(ab);
>>
>>  errout:
> --
> Linux-audit mailing list
> Linux-audit redhat com
> https://www.redhat.com/mailman/listinfo/linux-audit
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]