From mboxrd@z Thu Jan 1 00:00:00 1970
From: Linda Knippers
Subject: Re: [PATCH] IPC_SET_PERM cleanup
Date: Fri, 05 May 2006 16:59:49 -0400
Message-ID: <445BBCC5.3010306@hp.com>
References: <445BB351.2040303@hp.com> <200605051642.05999.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
In-Reply-To: <200605051642.05999.sgrubb@redhat.com>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Steve Grubb wrote:
> On Friday 05 May 2006 16:19, Linda Knippers wrote:
>
>>- if (axi->osid != 0) { >>- char *ctx = NULL; >>- u32 len; >>- if (selinux_ctxid_to_string( >>- axi->osid, &ctx, &len)) { >>- audit_log_format(ab, " osid=%u", >>- axi->osid); >>- call_panic = 1; >>- } else >>- audit_log_format(ab, " obj=%s", >>ctx); - kfree(ctx); >>- }
>
>
> This patch deletes the context string out of this record. Are we losing
> anything important?

I don't think so. I don't think the IPC_SET operations change the sid
(at least I don't see it in the code) so it's redundant with the obj
information that's in the IPC record. If I'm missing it, I hope someone
will point it out to me.

If an IPC_SET can change the sid, then we'll have to move all the calls
to audit_ipc_set_perm() so that we get the new obj information in the
success case and don't lose the entire record in the failure case.

-- 
ljk
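
Review bot: The removed "if (axi->osid != 0)" block also carried the error path for a failed selinux_ctxid_to_string(), where it logged the raw osid=%u and set call_panic = 1, so this deletion drops that failure signal from the record along with the obj= string. The changelog should state that obj= is omitted here on purpose because, as the reply says, the IPC record already carries it, and should confirm that a context conversion failure is still reported where that record is written. If nothing else reads axi->osid once these lines are gone, remove the field and its assignment in the same patch so no dead member is left behind.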