On Thu, Jul 14, 2016 at 7:33 PM, William Roberts <bill.c.roberts@xxxxxxxxx> wrote: > On Thu, Jul 14, 2016 at 4:18 PM, William Roberts wrote: >> On Thu, Jul 14, 2016 at 3:17 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: >>> On Thu, Jul 14, 2016 at 3:29 PM, <william.c.roberts@xxxxxxxxx> wrote: >>> > From: William Roberts <william.c.roberts@xxxxxxxxx> >>> > >>> > ioctlcmd is currently printing hex numbers, but their is no leading >>> > 0x. Thus things like ioctlcmd=1234 are misleading, as the base is >>> > not evident. >>> > >>> > Correct this by adding 0x as a prefix, so ioctlcmd=1234 becomes >>> > ioctlcmd=0x1234. >>> > >>> > Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx> >>> > --- >>> > security/lsm_audit.c | 2 +- >>> > 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> NOTE: adding Steve Grubb and the audit mailing list to the CC line >>> >>> Like it or not, I believe the general standard/convention when it >>> comes to things like this is to leave off the "0x" prefix; the idea >>> being that is saves precious space in the audit logs and the value is >>> only ever going to be in hex anyway. >> >> Is it always in hex, what about pid? > > Outside of escaped untrusted input ... That's what I've been working on the past few days and it colored my view of things. I tracked down Steve just now and it looks like the preference *is* to have a "0x" prefix, my apologies for the confusion. I'll add this to the SELinux next queue. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
