[PATCH 4th revision] Add SELinux context support to AUDIT target
Mr Dash Four
mr.dash.four at googlemail.com
Mon Jun 20 14:21:55 UTC 2011
> Do you think this should be hardcoded to be obj? Would we ever log the subj? Or should
> obj be part of the function name to make it clear which piece is getting logged?
>
I thought of that, though I don't know what variety of option names
would be there to be used with that function.
If there is a need to use something other than "obj", like, "subj" or
even "tcontext" or "scontext" for example, then I would favour passing
the option name as function parameter - something like "void
audit_log_secctx(struct audit_buffer *ab, char *secname, u32 secid)" or
even "void audit_log_secctx(struct audit_buffer *ab, int secname, u32
secid)" (secname here being one of 0, 1, 2 ... corresponding to "obj",
"subj" etc).
A similar approach is already used in audit.c - in audit_log_config_change
for example:
static int audit_log_config_change(char *function_name, int new, int old,
                                   uid_t loginuid, u32 sessionid, u32 sid,
                                   int allow_changes)
{
        struct audit_buffer *ab;
        int rc = 0;

        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
        audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name,
                         new, old, loginuid, sessionid);
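
The "int secname" variant suggested in the message above, modelled in user space as an added example (not code from the patch, the kernel, or the author). The enum, the log_secctx name, the secid values and the context table are all constructed assumptions; a fixed table means only known field names can reach the record.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical selector values for the "int secname" variant (0, 1, ...). */
enum secname { SECNAME_OBJ = 0, SECNAME_SUBJ = 1, SECNAME_COUNT };
static const char *const secname_str[SECNAME_COUNT] = { "obj", "subj" };

/* Constructed secid -> context table; the kernel would ask the LSM instead. */
static const struct { uint32_t secid; const char *ctx; } ctx_table[] = {
    { 101, "system_u:object_r:http_port_t:s0" },
    { 102, "system_u:system_r:httpd_t:s0" },
};

static const char *lookup_ctx(uint32_t secid)
{
    for (size_t i = 0; i < sizeof ctx_table / sizeof ctx_table[0]; i++)
        if (ctx_table[i].secid == secid)
            return ctx_table[i].ctx;
    return NULL;
}

/* Append " <name>=<context>" to the record in buf.
 * Returns the bytes appended, or -1 (record unchanged) on an unknown
 * selector, an unknown secid, or insufficient space. */
int log_secctx(char *buf, size_t len, int secname, uint32_t secid)
{
    const char *end = memchr(buf, '\0', len);
    const char *ctx = lookup_ctx(secid);
    size_t used;
    int n;

    if (!end || secname < 0 || secname >= SECNAME_COUNT || !ctx)
        return -1;
    used = (size_t)(end - buf);
    n = snprintf(buf + used, len - used, " %s=%s", secname_str[secname], ctx);
    if (n < 0 || (size_t)n >= len - used) {
        buf[used] = '\0';   /* drop the truncated field */
        return -1;
    }
    return n;
}

int main(void)
{
    char rec[96] = "rec=constructed";   /* constructed record prefix */

    if (log_secctx(rec, sizeof rec, SECNAME_OBJ, 101) > 0)
        puts(rec);
    return 0;
}
```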