audit plugin for AVC and USER_AVC messages

Wednesday, 14 August 2024

Hi Steve, 

I used your plugin code sample
-https://github.com/linux-audit/audit-userspace/blob/master/contrib/plugin/audisp-example.c
to handle audit messages when I write some audit rules. it works perfectly fine with some
minor tweaks

Now I want to extend the same plugin to filter AVC and USER_AVC messages and sent to our
system log. But while developing SELINUX policy there are too many of these and hence the
plugin is unable to handle it and system hangs. Is there a way to increase the capacity of
plugin to handle so many  AVC denials. Eventually when the SELINUX policy is matured , I
expect to see a lot less of these denials.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

audit plugin for AVC and USER_AVC messages