On 3/31/06, Steve Grubb <[EMAIL PROTECTED]> wrote: > The patch below converts IPC auditing to collect sid's and convert to context > string only if it needs to output an audit record. This patch depends on the > inode audit change patch already being applied.
Looks pretty much like the version of this I submitted last night. It looks fine to me. Point of clarification, though... We need to simplify for Al *exactly* what needs to be applied. There's a gang of patches flying around with IPC in the subject under multiple different threads, most of which are redundant. As I see it there are two things that needs to happen with respect to IPC auditing... (1) Steve's patch above (or my patch from last night) eliminates the char *ctx strings in the ipc audit records resulting in improved performance (and eliminating the memory leaks that resurrected this code a month ago) (2) My ipc audit rework patch that splits the ipc audit functions into two separate functions, each recording something different... One audits the ipc object itself (which is what will record the SELinux context sid. And the second is called when permissions are changed on an ipc object (happens in IPC_SET operations). Steve has recommended a minor change to the naming of the audit record type from AUDIT_IPC_NEW_PERM to AUDIT_IPC_SET_PERM. That's acceptable by me. I'll repost this patch very soon. :-Dustin -- Linux-audit mailing list [EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/linux-audit
