SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [RFC][PATCH] collect security labels on user processes generating audit messages This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Linda Knippers <linda.knippers_at_hp.com> Date: Wed, 15 Feb 2006 11:14:12 -0500 > [..] > >>> >> >>>> > ab = audit_log_start(NULL, GFP_KERNEL, msg_type); >>>> > if (ab) { >>>> > audit_log_format(ab, >>>> > - "user pid=%d uid=%u auid=%u msg='%.1024s'", >>>> > - pid, uid, loginuid, (char )data); >>>> > + "user pid=%d uid=%u auid=%u subj=%s msg='%.1024s'", >>>> > + pid, uid, loginuid, ctx ? ctx : "null", (char )data); >> >>> >>> Do you want those "subj=null" items in the output when SELinux is >>> disabled, or should there be a different audit_log_format call in the ! >>> ctx case that completely omits "subj="? >>> > > > I remember a while back, Steve wanting to reduce / remove the > conditional tokens in records (I think the argument had to do with > performance impact and parsing). Did I remember that correctly Steve? > Assuming we do want to print the token if ctx == NULL, is there a > standard way of printing NULL in the record? I should probably make > sure kernel/auditsc.c:audit_log_task_context() is consistent with > whatever we decide. > Amy submitted a patch a while back to eliminate the "name=" field to avoid "name=(null)" from the audit records if there was no name but I don't think the patch went anywhere. https://www.redhat.com/archives/linux-audit/2005-November/msg00093.html It looks like there's a new case (for tty) where "(none)" is used. It would be nice to avoid having this in the audit records, especially in this case where the value might never be set on a particular system. ljk -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Wed 15 Feb 2006 - 11:16:39 EST This message: [ Message body ] Next message: Stephen Smalley: "Re: [RFC][PATCH] collect security labels on user processes generating audit messages" Previous message: Timothy R. Chavez: "Re: [RFC][PATCH] collect security labels on user processes generating audit messages" In reply to: Timothy R. Chavez: "Re: [RFC][PATCH] collect security labels on user processes generating audit messages" Next in thread: Steve Grubb: "Re: [RFC][PATCH] collect security labels on user processes generating audit messages" Reply: Steve Grubb: "Re: [RFC][PATCH] collect security labels on user processes generating audit messages" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom