From mboxrd@z Thu Jan  1 00:00:00 1970
From: Amy Griffis <amy.griffis@hp.com>
Subject: Re: audit-ptrace patch (untested)
Date: Tue, 13 Mar 2007 15:00:46 -0400
Message-ID: <20070313190046.GA18105@fc.hp.com>
References: <20070305145025.GC19390@devserv.devel.redhat.com>
	<1173192374.15967.115.camel@moss-spartans.epoch.ncsc.mil>
	<20070307031308.GA12417@devserv.devel.redhat.com>
	<1173271948.2050.17.camel@moss-spartans.epoch.ncsc.mil>
	<20070312122055.GC12417@devserv.devel.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <20070312122055.GC12417@devserv.devel.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Alexander Viro <aviro@redhat.com>
Cc: Eric Paris <eparis@parisplace.org>, linux-audit@redhat.com, James Morris <jmorris@namei.org>
List-Id: linux-audit@redhat.com

Alexander Viro wrote:  [Mon Mar 12 2007, 08:20:55AM EDT]
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 3599558..f489fed 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
<snip>
> +void __audit_ptrace(struct task_struct *t)
> +{
> +	struct audit_context *context = current->audit_context;
> +	unsigned len;
> +	u32 sid;
> +
> +	context->target_pid = t->pid;
> +
> +	selinux_get_task_sid(t, &sid);
> +	if (sid)
> +		selinux_sid_to_string(sid, &context->obj_ctx, &len);
> +}

Why did you choose to do the sid to string conversion at collection
time, rather than waiting for audit_log_exit?  In other code like this
we've been delaying the memory alloc until logging, in case we never
need it.

Amy