On Friday 22 September 2006 13:38, Paul Moore wrote:
> In order to meet certain certification requirements, the NetLabel kernel
> subsystem needs to write a small number of audit messages.

What are the requirements you are addressing? (I have a feeling that it's
similar to what we have to do to file systems.)

> For the messages themselves, here is what I was thinking:
>
>  "netlabel: <protocol> op=<operation> pid=<pid> tty=<tty> comm=<name>
>   exe=<path> uid=<uid> auid=<auid> euid=<euid> suid=<suid>
>   fsuid=<fsuid> gid=<gid> egid=<euid> sgid=<suid>
>   fsgid=<fsuid> [<cipsov4 extras>|<managment extras>]"

This looks very much like a syscall record... would it make sense to do this as
an aux record?

-Steve