From mboxrd@z Thu Jan 1 00:00:00 1970
From: Casey Schaufler
Subject: Re: [PATCH]Fix me add subj
Date: Wed, 27 Aug 2008 14:26:13 -0700
Message-ID: <48B5C675.6010307@schaufler-ca.com>
References: <006001c90119$cb3a5e20$958da70a@truly> <200808261534.44590.sgrubb@redhat.com> <1219780551.2721.261.camel@moss-spartans.epoch.ncsc.mil> <200808261608.36217.sgrubb@redhat.com>
In-Reply-To: <200808261608.36217.sgrubb@redhat.com>
To: Steve Grubb
Cc: 'linux-audit'
List-Id: linux-audit@redhat.com

Steve Grubb wrote:
> On Tuesday 26 August 2008 15:55:51 Stephen Smalley wrote:
>
>> On Tue, 2008-08-26 at 15:34 -0400, Steve Grubb wrote:
>>
>>> On Monday 18 August 2008 06:04:25 Chu Li wrote:
>>>
>>>> I have made a patch for "Fixme add subj" in auditd.c. This is for the
>>>> latest codes.
>>>>
>>> Now that the audit svn is open for new work...I started to apply this
>>> patch. But then I got to thinking about SMACK. It probably does not like
>>> us to get selinux labels. I was wondering if we need to try to get its
>>> label, too? And I was wondering if both SE Linux and SMACK could be
>>> running at the same time? If they can, do we collect both labels?
>>>
>> They are exclusive of one another, and they both provide the process
>> label via /proc/pid/attr/current. libselinux wraps that kernel
>> interface with getcon() (for current context) and getpidcon() (for
>> context of a given pid), which internally handle the allocation of the
>> buffer and will deal with label translation if using mcstransd.
>>
>> So if you want the code to work with either, you'd directly
>> read /proc/pid/attr/current and display the resulting string. If you
>> want to be SELinux-specific and include functionality like MLS label
>> translation, you'd use getpidcon(3).
>>
>
> Thanks, that's very helpful. I think we want the raw data and then do context
> translations later in the parsing library if someone asks for it
>

That works for Smack. Thank you.
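
The LSM-agnostic read of /proc/pid/attr/current that Stephen Smalley describes in the quoted text, as an added example that is not part of the original thread or of the audit code base. The function names `normalize_label` and `read_proc_label`, the `subj=` output format, and the trimming of a trailing NUL or newline are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Trim raw bytes from the kernel in place (assumption: the active LSM may
 * append a NUL or newline). Needs room for n + 1 bytes; -1 if empty. */
ssize_t normalize_label(char *buf, ssize_t n)
{
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    n = (ssize_t)strlen(buf);            /* cut at the first embedded NUL */
    while (n > 0 && buf[n - 1] == '\n')
        buf[--n] = '\0';
    return n > 0 ? n : -1;
}

/* Read the raw label of pid, whichever LSM is active, with no translation.
 * Returns its length, or -1 with errno set (no such pid, no LSM, ...). */
ssize_t read_proc_label(pid_t pid, char *buf, size_t len)
{
    char path[64];
    ssize_t n;
    int fd, saved;

    if (len < 2) { errno = EINVAL; return -1; }
    snprintf(path, sizeof(path), "/proc/%ld/attr/current", (long)pid);
    fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    n = read(fd, buf, len - 1);          /* one read; longer labels truncate */
    saved = errno;
    close(fd);
    errno = saved;
    if (n < 0) return -1;
    n = normalize_label(buf, n);
    if (n < 0) errno = ENODATA;          /* file readable but label empty */
    return n;
}

int main(void)
{
    char label[4096];
    if (read_proc_label(getpid(), label, sizeof(label)) < 0)
        perror("subj unavailable");      /* e.g. EINVAL when no LSM is loaded */
    else
        printf("subj=%s\n", label);
    return 0;
}
```
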