how is this error preserved in the audit trail?
Look at my patch again - if the secctx cannot be retrieved, either because a) it does not exist; or b) because of an internal error or otherwise, then it is not logged in the audit log as part of the NETFILTER_PKT message (the fact that there is an internal LSM error has absolutely nothing to do with a netfilter packet!).

If, internally (upon calling security_secid_to_secctx), there is a decision to handle that *internal* error in one way or another, so be it, but as far as my patch goes - there is no secctx if that function returns nothing, and I think that is the right thing to do.

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
