Re: [PATCH 02/13] AppArmor: basic auditing infrastructure.
From: Eric Paris
Date: Thu Jul 15 2010 - 13:36:30 EST
On Thu, 15 Jul 2010 09:36:46 -0700
John Johansen <john.johansen@xxxxxxxxxxxxx> wrote:
> On 07/15/2010 08:18 AM, Eric Paris wrote:
> > On Wed, Jul 14, 2010 at 8:43 PM, John Johansen
> > <john.johansen@xxxxxxxxxxxxx> wrote:
> >> + if (sa->aad.profile) {
> >> + struct aa_profile *profile = sa->aad.profile;
> >> + pid_t pid;
> >> + rcu_read_lock();
> >> + pid = tsk->real_parent->pid;
> >> + rcu_read_unlock();
> >> + audit_log_format(ab, " parent=%d", pid);
> >> + audit_log_format(ab, " profile=");
> >> + if (profile->ns != root_ns) {
> >> + audit_log_format(ab, ":");
> >> + audit_log_untrustedstring(ab,
> >> profile->ns->base.hname);
> >> + audit_log_format(ab, "://");
> >> + }
> >> + audit_log_untrustedstring(ab, profile->base.hname);
> >> + }
> >
> > what does this message look like? I don't think it fits the nice
> > key=value rules of the audit system.... Are you sure this is what
> > you want?
> >
> it looks like
> profile=:ns_name://profile_name
Actually it would be:
profile=:"ns_name"://"profile_name"
The 'untrustedstring' call is going to add "" just making sure you are
ok with that. I guess the audit libs will deal with it ok.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/