[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Getting the real task name in avc messages
On Wed, 2005-03-30 at 16:27 -0600, Darrel Goeddel wrote:
> James Morris wrote:
> You could also just do:
>
> task_lock(current);
> audit_log_format(ab, " comm=%s", current->comm);
> task_unlock(current);
>
> This avoids an unnecessary copy since we have no use the data after the
> audit_log_format call.
Is this locking truly necessary when accessing current->comm (as opposed
to accessing the comm of another task)? Can it be set by any other
task? We don't presently hold the lock when accessing it in avc_audit.
> I really like the idea of moving this functionality to the standard
> syscall audit record. I'm sure that this would be nice info to have
> for folks who do not run SELinux.
Yes, I think it would be useful; Steve, want to take the updated patch
to linux-audit?
--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
This mailing list archive is a service of Copilot Consulting.