From: Patrick McHardy <kaber@trash.net>
To: Eric Paris <eparis@parisplace.org>
Cc: Mr Dash Four <mr.dash.four@googlemail.com>,
Steve Grubb <sgrubb@redhat.com>,
linux-audit@redhat.com, netfilter-devel@vger.kernel.org,
Thomas Graf <tgraf@redhat.com>, Al Viro <viro@zeniv.linux.org.uk>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [PATCH 4th revision] Add SELinux context support to AUDIT target
Date: Thu, 30 Jun 2011 13:35:10 +0200 [thread overview]
Message-ID: <4E0C5F6E.4000005@trash.net> (raw)
In-Reply-To: <BANLkTi=Ls8Xnqa6ZF+Qwg_yyUH4Yxbgijg@mail.gmail.com>
Am 20.06.2011 16:27, schrieb Eric Paris:
> On Mon, Jun 20, 2011 at 10:21 AM, Mr Dash Four
> <mr.dash.four@googlemail.com> wrote:
>> >
>>> >> Do you think this should be hardcoded to be obj? Would we ever log the
>>> >> subj? Or should obj be part of the function name to make it clear which
>>> >> piece is getting logged?
>>> >>
>> >
>> > I thought of that, though I don't know what variety of option names would be
>> > there to be used with that function.
>> >
>> > If there is a need to use something other than "obj", like, "subj" or even
>> > "tcontext" or "scontext" for example, then I would favour passing the option
>> > name as function parameter - something like "void audit_log_secctx(struct
>> > audit_buffer *ab, char *secname, u32 secid)" or even "void
>> > audit_log_secctx(struct audit_buffer *ab, int secname, u32 secid)" (secname
>> > here being one of 0, 1, 2 ... corresponding to "obj", "subj" etc).
>> >
>> > Similar approach is already used in audit.c - in audit_log_config_change for
>> > example:
>> >
>> > static int audit_log_config_change(char *function_name, int new, int old,
>> > uid_t loginuid, u32 sessionid, u32 sid, int allow_changes)
>> > {
>> > struct audit_buffer *ab;
>> > int rc = 0;
>> >
>> > ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
>> > audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
>> > old, loginuid, sessionid);
> Hard code for now. %s in audit record building is the devil since
> there is no enforcement of audit's rather 'special' string encoding
> rules. If we need another name later we'll cross that bridge when we
> get there, possibly with another helper function and pushing the %s to
> a static function inside audit. I will not willing expose %s to code
> outside of audit.c.
>
> Acked-by: Eric Paris <eparis@redhat.com>
>
Applied, thanks.
I had to fix some overly long lines and whitespace errors in the
patch and the commit message to contain a subject and not have the
entire text contained in two lines.
Please be more careful of this next time.
next prev parent reply other threads:[~2011-06-30 11:35 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-20 1:09 [PATCH] Add SELinux context support to AUDIT target Mr Dash Four
2011-05-26 16:49 ` Pablo Neira Ayuso
2011-05-26 17:03 ` Mr Dash Four
2011-05-26 17:44 ` Pablo Neira Ayuso
2011-06-04 15:12 ` [PATCH 2nd revision] " Mr Dash Four
2011-06-05 23:06 ` Pablo Neira Ayuso
2011-06-06 12:02 ` Mr Dash Four
2011-06-06 23:20 ` Pablo Neira Ayuso
2011-06-07 8:18 ` Mr Dash Four
2011-06-07 9:12 ` Pablo Neira Ayuso
2011-06-07 10:32 ` [PATCH 3rd " Mr Dash Four
2011-06-08 14:49 ` Steve Grubb
2011-06-08 16:12 ` Mr Dash Four
2011-06-08 17:14 ` Steve Grubb
2011-06-08 18:04 ` Mr Dash Four
2011-06-08 18:13 ` Casey Schaufler
2011-06-08 18:33 ` Eric Paris
2011-06-08 19:00 ` Mr Dash Four
2011-06-08 19:08 ` Eric Paris
2011-06-08 19:14 ` Mr Dash Four
2011-06-08 19:28 ` Steve Grubb
2011-06-08 19:39 ` Eric Paris
2011-06-09 12:28 ` Patrick McHardy
2011-06-09 12:52 ` Eric Paris
2011-06-09 12:56 ` Patrick McHardy
2011-06-09 14:08 ` Mr Dash Four
2011-06-09 15:06 ` Eric Paris
2011-06-09 15:16 ` Mr Dash Four
2011-06-16 8:36 ` Mr Dash Four
2011-06-18 12:08 ` [PATCH 4th " Mr Dash Four
2011-06-20 12:20 ` Steve Grubb
2011-06-20 14:21 ` Mr Dash Four
2011-06-20 14:27 ` Eric Paris
2011-06-30 11:35 ` Patrick McHardy [this message]
2011-06-08 18:36 ` [PATCH 3rd " Steve Grubb
2011-06-08 18:45 ` Mr Dash Four
2011-06-06 12:14 ` [PATCH 2nd " Steve Grubb
2011-06-06 12:25 ` Mr Dash Four
2011-06-06 12:30 ` Steve Grubb
2011-06-06 12:42 ` Mr Dash Four
2011-06-06 12:53 ` Steve Grubb
2011-06-06 13:10 ` Mr Dash Four
2011-06-06 23:22 ` Pablo Neira Ayuso
2011-06-07 0:59 ` Steve Grubb
2011-06-07 1:23 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E0C5F6E.4000005@trash.net \
--to=kaber@trash.net \
--cc=eparis@parisplace.org \
--cc=linux-audit@redhat.com \
--cc=mr.dash.four@googlemail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sgrubb@redhat.com \
--cc=tgraf@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.