Hi,
While testing the watch performance, I noticed that selinux_task_ctxid() was
creeping into the results more than it should. Investigation showed that the
function call was being called whether it was needed or not. The below patch
fixes this.
Signed-off-by: Steve Grubb
diff -ur linux-2.6.16.x86_64.orig/kernel/auditsc.c
linux-2.6.16.x86_64/kernel/auditsc.c
--- linux-2.6.16.x86_64.orig/kernel/auditsc.c 2006-04-08 16:28:16.000000000
-0400
+++ linux-2.6.16.x86_64/kernel/auditsc.c 2006-04-08 16:33:33.000000000
-0400
@@ -190,9 +190,6 @@
enum audit_state *state)
{
int i, j;
- u32 sid;
-
- selinux_task_ctxid(tsk, &sid);
for (i = 0; i < rule->field_count; i++) {
struct audit_field *f = &rule->fields[i];
@@ -295,11 +292,15 @@
match for now to avoid losing information that
may be wanted. An error message will also be
logged upon error */
- if (f->se_rule)
+ if (f->se_rule) {
+ u32 sid;
+
+ selinux_task_ctxid(tsk, &sid);
result = selinux_audit_rule_match(sid, f->type,
f->op,
f->se_rule,
ctx);
+ }
break;
case AUDIT_ARG0:
case AUDIT_ARG1:
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
