On Friday 20 May 2005 12:58, Stephen Smalley wrote:
> I don't mind introducing an AUDIT_AVC_PATH type if desired, but saw that there
> was an AUDIT_AVC definition that wasn't being used yet.
Yes it is. I patched security/selinux/avc.c
> What do people want? Would we end up adding separate types for each kind of
> auxiliary audit data provided by the AVC, or just put them all into a single
> top-level type with possibly a subtype to distinguish?
If it's something that I will need to search on and the parsing is different
for it, it needs to be a different type. I key on the type to invoke the
right parser to extract search items. It also makes searching easier. You can
do ausearch -m AVC_PATH and see all the events that contain that record type.
-Steve
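
The type-keyed dispatch described in the reply above, as an added example that is not code from this thread or from the audit userspace tools. The sample records are constructed, and the names `PARSERS`, `parse_line` and `search` are hypothetical.

```python
import re

# Constructed sample records (not from the thread), laid out as
# "type=<TYPE> msg=audit(<time>:<serial>): <body>".
SAMPLE_LOG = '''\
type=AVC msg=audit(1116608280.123:45): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
type=AVC_PATH msg=audit(1116608280.123:45):  path="/home/alice/index.html"
type=SYSCALL msg=audit(1116608280.123:45): arch=40000003 syscall=5 success=no exit=-13 pid=1234 comm="httpd"
type=AVC msg=audit(1116608291.456:46): avc:  denied  { search } for  pid=1300 comm="named" scontext=user_u:system_r:named_t tcontext=user_u:object_r:tmp_t tclass=dir
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(body):
    """AVC body: 'avc:  <result>  { perms } for  key=value ...'."""
    m = re.search(r'avc:\s+(\w+)\s+\{([^}]*)\}', body)
    fields = {k: v.strip('"') for k, v in KEYVAL.findall(body)}
    return {"result": m.group(1) if m else None,
            "perms": m.group(2).split() if m else [],
            "scontext": fields.get("scontext"),
            "tcontext": fields.get("tcontext"),
            "tclass": fields.get("tclass")}

def parse_avc_path(body):
    """AVC_PATH body in the constructed sample: a single quoted path."""
    m = re.search(r'path="([^"]*)"', body)
    return {"path": m.group(1) if m else None}

# Hypothetical dispatch table: the record type alone selects the parser.
PARSERS = {"AVC": parse_avc, "AVC_PATH": parse_avc_path}

def parse_line(line):
    m = HEADER.match(line)
    if not m:
        return None  # not an audit record line
    rtype, stamp, serial, body = m.groups()
    parser = PARSERS.get(rtype, lambda _body: {})  # unknown type: no search items
    return {"type": rtype, "event": (stamp, int(serial)), "items": parser(body)}

def search(log, record_type):
    """Return whole events (records sharing time:serial) containing record_type."""
    events = {}
    for line in log.splitlines():
        rec = parse_line(line)
        if rec:
            events.setdefault(rec["event"], []).append(rec)
    return [recs for recs in events.values()
            if any(r["type"] == record_type for r in recs)]
```
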