On Tue, Sep 14, 2021 at 10:49 AM Paul Moore <p...@paul-moore.com> wrote:
>
> On Tue, Sep 14, 2021 at 9:15 AM Ondrej Mosnacek <omosn...@redhat.com> wrote:
> >
> > The "key" field is used to associate records with the rule that
> > triggered them, os it's not a good idea to overload it with an
> > additional IPC key semantic. Moreover, as the classic "key" field is a
> > text field, while the IPC key is numeric, AVC records containing the IPC
> > key info actually confuse audit userspace, which tries to interpret the
> > number as a hex-encoded string, thus showing garbage for example in the
> > ausearch "interpret" output mode.
> >
> > Hence, change it to "ipc_key" to fix both issues and also make the
> > meaning of this field more clear.
> >
> > Signed-off-by: Ondrej Mosnacek <omosn...@redhat.com>
> > ---
> >  security/lsm_audit.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Seems reasonable to me, I can merge it via the audit/next tree unless
> James would prefer to take it via the LSM tree.

As this is pretty minor and unlikely to conflict with any LSMs, I've
gone ahead and merged this into the audit/next tree.

-- 
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit

Reply via email to