Re: [PATCH 1/2] audit: show user land backtrace as part of audit context messages

Tuesday, 2 February 2021

On Tue, Feb 2, 2021 at 4:29 PM Daniel Walker <danielwa(a)cisco.com&gt; wrote:
...
 From: Victor Kamensky <kamensky(a)cisco.com&gt;

 To efficiently find out where SELinux AVC denial is comming from
 take backtrace of user land process and display it as type=UBACKTRACE
 message that comes as audit context for SELinux AVC and other audit
 messages ... 
Have you tried the new perf tracepoint for SELinux AVC decisions that
trigger an audit event?  It's a new feature for v5.10 and looks to
accomplish most of what you are looking for with this patch.

* https://www.paul-moore.com/blog/d/2020/12/linux_v510.html

-- 
paul moore
www.paul-moore.com

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [PATCH 1/2] audit: show user land backtrace as part of audit context messages