[PATCH 3rd revision] Add SELinux context support to AUDIT target

Casey Schaufler casey at schaufler-ca.com
Wed Jun 8 18:13:18 UTC 2011


On 6/8/2011 7:49 AM, Steve Grubb wrote:
> On Tuesday, June 07, 2011 06:32:35 AM Mr Dash Four wrote:
>> Add SELinux context support to AUDIT target - 3rd revision (style-type
>> changes made *only* since 2nd revision of this patch). Typical (raw
>> auditd) output after applying this patch would be:
> <snip> 
>
>> @@ -163,6 +170,15 @@ audit_tg(struct sk_buff *skb, const struct
>> xt_action_param *par) break;
>>  	}
>>
>> +#ifdef CONFIG_NF_CONNTRACK_SECMARK
>> +	if (skb->secmark) {
>> +	  	if (!security_secid_to_secctx(skb->secmark, &secctx, &len)) {
>> +			audit_log_format(ab, " obj=%s", secctx);
>> +			security_release_secctx(secctx, len);
>> +		}
> else
> 	audit_log_format(ab, " osid=%u", skb->secmark);
>
> _All_  audit code records the number on a failed conversion.

But it really shouldn't. An unconvertible secid is indicative
of a serious, unrecoverable failure within the LSM. It's every
bit as bad as an invalid pointer.

> -Steve
>
>
>> +	}
>> +#endif
>> +
>>  	audit_log_end(ab);
>>
>>  errout:
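Review bot: the #ifdef guard does not match the field it protects: skb->secmark is the generic network secmark, whose presence in struct sk_buff is controlled by CONFIG_NETWORK_SECMARK, while CONFIG_NF_CONNTRACK_SECMARK only enables conntrack's secmark handling, so this hunk should read `#ifdef CONFIG_NETWORK_SECMARK` (conntrack support is not needed to have a label on the skb). Also, when security_secid_to_secctx() fails the record silently omits the obj= field, so a labelled packet whose secid could not be converted is indistinguishable in the log from an unlabelled one; whichever way the thread settles the "log the number vs. treat it as an LSM failure" question, the chosen behaviour deserves a comment at that `if`, and the mixed tab/space indentation on that inner `if` line should be fixed to tabs only.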
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>