Mr Dash Four wrote:
Logging the internal numerical representation of secctx is, as I have already stated about 3 times by now, exposing internal (private-to-the-kernel-only) information to userspace. That cannot be allowed.

Besides, this numerical representation isn't reliable - these numbers are dynamic and can change - another reason why they should not be allowed to be present in the audit log. What happens if I make changes to my security policy and then run ausearch/aureport? I am either going to see different (wrong!) context reported if ausearch/aureport attempts to "convert" those numbers into SELinux context, or, I am going to see meaningless numbers. Either way, useless or misleading information is going to be reported and we don't want that, do we?

else
        audit_log_format(ab, " osid=%u", skb->secmark);

_All_ audit code records the number on a failed conversion.
I am assuming you haven't read the above. Show me one good reason why I should alter my patch to include that abomination of yours?

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
