On Friday 20 March 2009 04:53:27 am Miloslav Trmac wrote:
> ----- "Paul Moore" <[email protected]> wrote:
> > There are several audit experts which should review this code but two
> > things jumped out at me when glancing at your patch:
> >
> > 1. SELinux SIDs should not be recorded
>
> Almost all code that logs SELinux contexts in kernel/audit* does the same
> thing as this patch, falling back to a SID if it can't be converted to a
> string.

Ungh, that's ugly and questionably useful (I suppose I know why this is done) but if that is the convention then who am I to argue.

> > 2. From a SELinux/security point of view ttys are considered objects
> > and their labels/contexts should be recorded with "obj=" not
> > "subj="
>
> The patch logs the context of the process, not of the TTY.

Okay, that is what I get for just glancing at patches and not looking at them closer :)

--
paul moore
linux @ hp
