Right, so the function you suggested yesterday (audit_log_secctx) should be
added in audit.c in its entirety, and xt_AUDIT.c should just have something
like:
#ifdef CONFIG_NF_CONNTRACK_SECMARK
if (skb->secmark)
audit_log_secctx(ab,skb->secmark);
#endif
Thus, discarding the result (rc), unless we are interested in the error
code, which I don't think is the case here. Would everyone be happy with
this?
Actually just make it a void function as I don't think anyone
would/could/should make use of the return value.
In other words (audit.c) - N.B. the change from "subj" to "obj" as per
Steve's suggestion a while ago:
void audit_log_secctx(struct auditbuffer *ab, u32 secid)
{
int len;
char *ctx;
if (security_secid_to_secctx(sid, &ctx, &len)) {
audit_panic("Cannot convert secid to context");
} else {
audit_log_format(ab, " obj=%s", ctx);
security_release_secctx(ctx, len);
}
}
And xt_AUDIT.c stays as per my suggestion above. Should I assume that
gets the "go" from everyone concerned?
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
