Re: [PATCH 3rd revision] Add SELinux context support to AUDIT target

#ifdef CONFIG_NF_CONNTRACK_SECMARK
   if (skb->secmark)
       audit_log_secctx(ab, skb->secmark);
#endif

Thus, discarding the result (rc), unless we are interested in the error
code, which I don't think is the case here. Would everyone be happy with
this?

Actually just make it a void function as I don't think anyone
would/could/should make use of the return value.
In other words (audit.c) - N.B. the change from "subj" to "obj" as per Steve's suggestion a while ago:

void audit_log_secctx(struct audit_buffer *ab, u32 secid)
{
   u32 len;
   char *ctx;

   /* Map the numeric secid to its textual security context. */
   if (security_secid_to_secctx(secid, &ctx, &len)) {
       audit_panic("Cannot convert secid to context");
   } else {
       audit_log_format(ab, " obj=%s", ctx);
       /* The context string comes from the LSM and must be released. */
       security_release_secctx(ctx, len);
   }
}

And xt_AUDIT.c stays as per my suggestion above. Should I assume that gets the "go" from everyone concerned?
If there are no objections, I'll resubmit the patch at the weekend with the above functionality implemented.