On 03/27/2014 01:20 PM, Richard Guy Briggs wrote: > On 14/03/12, James Morris wrote: >> On Tue, 11 Mar 2014, Tetsuo Handa wrote: >> >>> And the same phrase goes to James Morris... >>> >>> If you are sure that it is safe to use get_task_comm() from >>> dump_common_audit_data() and you prefer locked version, please pick up below >>> patch via your git tree. >>> >>> If you are unsure or prefer lockless version, I'll make a lockless version >>> using do_get_task_comm() proposed in this thread. >> >> If you can't understand whether your patch is correct or not, don't ask me >> to apply it to my tree. >> >> If you're unsure, get it reviewed first. > > Steve (see https://lkml.org/lkml/2014/3/11/218 ) and James, > > Are the labels on data output in LSM_AUDIT_DATA_TASK even right? The > general case gives pid and comm of current. Then the > LSM_AUDIT_DATA_TASK case gives pid and comm from the task handed in in > the struct common_audit_data pointer. They are a duplicate of the > general case without generating a new message. I expect this will cause > ausearch to ignore those latter two fields. Should the latter two be > renamed to something like ad_pid= and ad_comm= ?
Hmmm..only seems to be used by Smack. SELinux had a tsk field in common_audit_data that was removed by b466066. This other tsk field seems to have been added for Smack by 6e837fb. That said, it would be nice to have pid/comm info for the target of a signal check as well as current. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/