On Tue, 2006-09-19 at 17:05 -0400, Amy Griffis wrote: > Steve Grubb wrote: [Mon Sep 18 2006, 08:13:40PM EDT] > > Please let me know if there are any problems with this release. > > I'm seeing some truncated audit records, e.g. > > type=DAEMON_END msg=audit(1158669003.740:6165) auditd normal halt, > sending auid=1001 pid=32268 subj=user_u:system_r:initrc_t:s0 res=suc > > which should continue with something like > > cess, auditd pid=6785 > > There are some static buffer sizes in auditd.c that look way too small > given that libselinux defines the max context size as > > #define DEFAULT_CONTEXT_SIZE 255 > > I think this is an existing problem, and not new to 1.2.7.
SELinux userland code isn't supposed to assume any fixed max. libselinux does use an initial buffer size as a starting point when calling e.g. getxattr, but will resize the buffer to a larger size if necessary. -- Stephen Smalley National Security Agency -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
