On 14/01/07, Stephan Mueller wrote: > Am Freitag, 20. Dezember 2013, 22:32:29 schrieb Richard Guy Briggs: > > Hi Richard, > > >Log the namespace details of a task. > >--- > > > >Does anyone have comments on this patch? > > > >I'm looking for guidance on which types of messages should have > >namespace information included. I've included too many, I suspect. > > > >I also wonder if displaying these inode numbers in hexadecimal makes > >more sense than decimal, since they are all based around 0xF0000000. > >These are all with reference to the proc filesystem, so a device > >number should not be necessary to qualify them. > > I have a general question: why do you sprinkle so many callbacks to > audit_log_namespace_info throughout the code? As namespaces apply only > to the acting entities, i.e. the processes, wouldn't it be sufficient > to only add it to audit_log_task_context? So, everywhere where the > context is needed in the audit trail, we log something about the > credentials of the process.
Yes, your suggestion is much cleaner. This was some of the lingering doubt I had about where to add it. While reviewing, I found a duplicate when called from audit_log_pid_context(). I also found a couple of functions that don't have sufficient logging coverage (audit_log_feature_change and audit_log_set_loginuid). Thanks for the helpful review! > Stephan - RGB -- Richard Guy Briggs <[email protected]> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
