On Fri, 2005-05-20 at 17:55 +0100, David Woodhouse wrote:
> Yeah, basically. Although it would be better to introduce AUDIT_AVC_PATH
> instead of using AUDIT_AVC for the type. If there's general agreement
> this this is a sane answer, I'll stick it in the git tree. Can I see a
> Signed-off-by line please?
Patched kernel compiles, boots, and runs the selinux testsuite as
expected, with just the (last component) name= info in the avc message
and the path= info in the associated syscall audit message. I don't
mind introducing an AUDIT_AVC_PATH type if desired, but saw that there
was an AUDIT_AVC definition that wasn't being used yet. What do people
want? Would we end up adding separate types for each kind of auxiliary
audit data provided by the AVC, or just put them all into a single top-
level type with possibly a subtype to distinguish.
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]