Steve Grubb wrote:
On Tuesday 26 August 2008 15:55:51 Stephen Smalley wrote:
On Tue, 2008-08-26 at 15:34 -0400, Steve Grubb wrote:
On Monday 18 August 2008 06:04:25 Chu Li wrote:
  I have made a patch for "Fixme add subj" in auditd.c. This is for the
latest code.
Now that the audit svn is open for new work...I started to apply this
patch. But then I got to thinking about SMACK. It probably does not like
us to get selinux labels. I was wondering if we need to try to get its
label, too? And I was wondering if both SE Linux and SMACK could be
running at the same time? If they can, do we collect both labels?
They are exclusive of one another, and they both provide the process
label via /proc/pid/attr/current.  libselinux wraps that kernel
interface with getcon() (for current context) and getpidcon() (for
context of a given pid), which internally handle the allocation of the
buffer and will deal with label translation if using mcstransd.

So if you want the code to work with either, you'd directly
read /proc/pid/attr/current and display the resulting string.  If you
want to be SELinux-specific and include functionality like MLS label
translation, you'd use getpidcon(3).

Thanks, that's very helpful. I think we want the raw data and then do context translations later in the parsing library if someone asks for it.

That works for Smack.

Thank you.

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
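
Reading the raw label straight from /proc/pid/attr/current, as the thread suggests for code that should work under either SELinux or Smack. This is an added example, not part of the original messages or the patch under discussion; the helper names `read_raw_label` and `trim_label` and the `subj=` output format are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop a trailing NUL or newline if the kernel returned one with the label,
 * then NUL-terminate. buf must have room for buf[len]. Returns new length. */
size_t trim_label(char *buf, size_t len)
{
    while (len > 0 && (buf[len - 1] == '\0' || buf[len - 1] == '\n'))
        len--;
    buf[len] = '\0';
    return len;
}

/* Read the untranslated LSM label of pid from /proc/<pid>/attr/current.
 * Works the same way for SELinux and Smack; a label longer than the buffer
 * is truncated. Returns the label length, or -1 with errno set. */
ssize_t read_raw_label(pid_t pid, char *buf, size_t buflen)
{
    char path[64];
    ssize_t n;
    int fd, saved;

    if (buflen < 2) { errno = EINVAL; return -1; }
    snprintf(path, sizeof(path), "/proc/%ld/attr/current", (long)pid);
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;              /* e.g. ENOENT: no such process */
    do {
        n = read(fd, buf, buflen - 1);
    } while (n < 0 && errno == EINTR);
    saved = errno;              /* close() may overwrite errno */
    close(fd);
    if (n < 0) { errno = saved; return -1; }
    return (ssize_t)trim_label(buf, (size_t)n);
}

int main(void)
{
    char label[256];
    if (read_raw_label(getpid(), label, sizeof(label)) < 0)
        perror("read_raw_label");   /* read can fail when no LSM is active */
    else
        printf("subj=%s\n", label);
    return 0;
}
```

Any MLS translation of the returned string is left to a later stage, as discussed above.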
