From: Steve Grubb
Subject: Re: change lspp ipc auditing
Date: Fri, 31 Mar 2006 20:36:05 -0500
Message-ID: <200603312036.05547.sgrubb@redhat.com>
References: <200603311522.49811.sgrubb@redhat.com> <1143841138.17469.108.camel@moss-spartans.epoch.ncsc.mil>
In-Reply-To: <1143841138.17469.108.camel@moss-spartans.epoch.ncsc.mil>
To: sds@tycho.nsa.gov
Cc: redhat-lspp@redhat.com, linux-audit@redhat.com, James Morris
List-Id: linux-audit@redhat.com

On Friday 31 March 2006 16:38, Stephen Smalley wrote:
> Why set it to 2?

I sometimes like those things so that I can printk them during debug to see
which one is doing it. If they were both a "1" there's no way to distinguish
which one tripped it.

> BTW, I personally have no strong opinion on whether to call audit_panic
> in this case.

My feeling is that calling audit_panic does no good. In the case of sendfile,
the data has already left the box and panic helps nothing. What we need to do
is figure out how to close the loop manually just in case this ever happens.
Maybe this should be added to the agenda for Monday's lspp telecon?

Thanks,
-Steve