On Fri, 2005-05-20 at 17:55 +0100, David Woodhouse wrote:
Yeah, basically. Although it would be better to introduce
AUDIT_AVC_PATH
instead of using AUDIT_AVC for the type. If there's general agreement
this this is a sane answer, I'll stick it in the git tree. Can I see a
Signed-off-by line please?
Patched kernel compiles, boots, and runs the selinux testsuite as
expected, with just the (last component) name= info in the avc message
and the path= info in the associated syscall audit message. I don't
mind introducing an AUDIT_AVC_PATH type if desired, but saw that there
was an AUDIT_AVC definition that wasn't being used yet. What do people
want? Would we end up adding separate types for each kind of auxiliary
audit data provided by the AVC, or just put them all into a single top-
level type with possibly a subtype to distinguish.
--
Stephen Smalley
National Security Agency