From: Eric Paris <eparis@parisplace.org>
To: Mr Dash Four <mr.dash.four@googlemail.com>
Cc: Steve Grubb <sgrubb@redhat.com>,
linux-audit@redhat.com, netfilter-devel@vger.kernel.org,
Thomas Graf <tgraf@redhat.com>, Al Viro <viro@zeniv.linux.org.uk>,
Patrick McHardy <kaber@trash.net>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [PATCH 4th revision] Add SELinux context support to AUDIT target
Date: Mon, 20 Jun 2011 10:27:08 -0400 [thread overview]
Message-ID: <BANLkTi=Ls8Xnqa6ZF+Qwg_yyUH4Yxbgijg@mail.gmail.com> (raw)
In-Reply-To: <4DFF5783.3070808@googlemail.com>
On Mon, Jun 20, 2011 at 10:21 AM, Mr Dash Four
<mr.dash.four@googlemail.com> wrote:
>
>> Do you think this should be hardcoded to be obj? Would we ever log the
>> subj? Or should obj be part of the function name to make it clear which
>> piece is getting logged?
>>
>
> I thought of that, though I don't know what variety of option names would be
> there to be used with that function.
>
> If there is a need to use something other than "obj", like, "subj" or even
> "tcontext" or "scontext" for example, then I would favour passing the option
> name as function parameter - something like "void audit_log_secctx(struct
> audit_buffer *ab, char *secname, u32 secid)" or even "void
> audit_log_secctx(struct audit_buffer *ab, int secname, u32 secid)" (secname
> here being one of 0, 1, 2 ... corresponding to "obj", "subj" etc).
>
> Similar approach is already used in audit.c - in audit_log_config_change for
> example:
>
> static int audit_log_config_change(char *function_name, int new, int old,
> uid_t loginuid, u32 sessionid, u32 sid, int allow_changes)
> {
> struct audit_buffer *ab;
> int rc = 0;
>
> ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
> audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
> old, loginuid, sessionid);
Hard code for now. %s in audit record building is the devil since
there is no enforcement of audit's rather 'special' string encoding
rules. If we need another name later we'll cross that bridge when we
get there, possibly with another helper function and pushing the %s to
a static function inside audit. I will not willing expose %s to code
outside of audit.c.
Acked-by: Eric Paris <eparis@redhat.com>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-06-20 14:27 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-20 1:09 [PATCH] Add SELinux context support to AUDIT target Mr Dash Four
2011-05-26 16:49 ` Pablo Neira Ayuso
2011-05-26 17:03 ` Mr Dash Four
2011-05-26 17:44 ` Pablo Neira Ayuso
2011-06-04 15:12 ` [PATCH 2nd revision] " Mr Dash Four
2011-06-05 23:06 ` Pablo Neira Ayuso
2011-06-06 12:02 ` Mr Dash Four
2011-06-06 23:20 ` Pablo Neira Ayuso
2011-06-07 8:18 ` Mr Dash Four
2011-06-07 9:12 ` Pablo Neira Ayuso
2011-06-07 10:32 ` [PATCH 3rd " Mr Dash Four
2011-06-08 14:49 ` Steve Grubb
2011-06-08 16:12 ` Mr Dash Four
2011-06-08 17:14 ` Steve Grubb
2011-06-08 18:04 ` Mr Dash Four
2011-06-08 18:13 ` Casey Schaufler
2011-06-08 18:33 ` Eric Paris
2011-06-08 19:00 ` Mr Dash Four
2011-06-08 19:08 ` Eric Paris
2011-06-08 19:14 ` Mr Dash Four
2011-06-08 19:28 ` Steve Grubb
2011-06-08 19:39 ` Eric Paris
2011-06-09 12:28 ` Patrick McHardy
2011-06-09 12:52 ` Eric Paris
2011-06-09 12:56 ` Patrick McHardy
2011-06-09 14:08 ` Mr Dash Four
2011-06-09 15:06 ` Eric Paris
2011-06-09 15:16 ` Mr Dash Four
2011-06-16 8:36 ` Mr Dash Four
2011-06-18 12:08 ` [PATCH 4th " Mr Dash Four
2011-06-20 12:20 ` Steve Grubb
2011-06-20 14:21 ` Mr Dash Four
2011-06-20 14:27 ` Eric Paris [this message]
2011-06-30 11:35 ` Patrick McHardy
2011-06-08 18:36 ` [PATCH 3rd " Steve Grubb
2011-06-08 18:45 ` Mr Dash Four
2011-06-06 12:14 ` [PATCH 2nd " Steve Grubb
2011-06-06 12:25 ` Mr Dash Four
2011-06-06 12:30 ` Steve Grubb
2011-06-06 12:42 ` Mr Dash Four
2011-06-06 12:53 ` Steve Grubb
2011-06-06 13:10 ` Mr Dash Four
2011-06-06 23:22 ` Pablo Neira Ayuso
2011-06-07 0:59 ` Steve Grubb
2011-06-07 1:23 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='BANLkTi=Ls8Xnqa6ZF+Qwg_yyUH4Yxbgijg@mail.gmail.com' \
--to=eparis@parisplace.org \
--cc=kaber@trash.net \
--cc=linux-audit@redhat.com \
--cc=mr.dash.four@googlemail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sgrubb@redhat.com \
--cc=tgraf@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).