On Fri, 2020-06-05 at 14:09 -0700, Lakshmi Ramasubramanian wrote: > On 6/5/20 1:49 PM, Paul Moore wrote: > > > > >> Since a pr_xyz() call was already present, I just wanted to change the > >> log level to keep the code change to the minimum. But if audit log is > >> the right approach for this case, I'll update. > > > > Generally we reserve audit for things that are required for various > > security certifications and/or "security relevant". From what you > > mentioned above, it seems like this would fall into the second > > category if not the first. > > > > Looking at your patch it doesn't look like you are trying to record > > anything special so you may be able to use the existing > > integrity_audit_msg(...) helper. Of course then the question comes > > down to the audit record type (the audit_msgno argument), the > > operation (op), and the comm/cause (cause). > > > > Do you feel that any of the existing audit record types are a good fit for this? > > > > Maybe I can use the audit_msgno "AUDIT_INTEGRITY_PCR" with appropriate > strings for "op" and "cause". > > Mimi - please let me know if you think this audit_msgno would be ok to > use. I see this code used, for instance, for boot aggregate measurement. > > integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, > audit_cause, result, 0); Yes, AUDIT_INTEGRITY_PCR is also used for failures to add to the measurement list. thanks, Mimi
