On Tue, 2010-11-23 at 13:25 -0500, Miloslav Trmac wrote:
> ----- "Eric Paris" <eparis@xxxxxxxxxx> wrote:
> > On Tue, 2010-11-23 at 13:50 +0100, Miloslav Trmač wrote:
> > > Collect audited crypto operations in a list, because a single _exit()
> > > can cause several AF_ALG sockets to be closed, and each needs to be
> > > audited.
> > >
> > > Add the AUDIT_CRYPTO_OP field so that crypto operations are not audited
> > > by default, but auditing can be enabled using a rule (probably
> > > "-F crypto_op!=0").
> >
> > Just an implementation question, why a new list instead of finding a way
> > to reuse struct audit_aux_data?
> This remained in the code from an earlier version where the relative
> order of crypto records was meaningful. In the current version the
> only difference is that an AUDIT_CRYPTO_OP filter has to traverse
> fewer entries.

It probably won't actually have to traverse extra entries. We shouldn't (at least that I can think of) ever have a single syscall which is going to have crypto, execve, signal, fcaps, etc. records simultaneously. In any case, if you send another round, I'd suggest reuse or aux.

-Eric