Re: [PATCH 1/2] audit: show user land backtrace as part of audit context messages

On Tue, Feb 2, 2021 at 4:29 PM Daniel Walker <danielwa(a)cisco.com&gt; wrote: > From: Victor Kamensky <kamensky(a)cisco.com&gt; > > To efficiently find out where SELinux AVC denial is comming from > take backtrace of user land process and display it as type=UBACKTRACE > message that comes as audit context for SELinux AVC and other audit > messages ... Have you tried the new perf tracepoint for SELinux AVC decisions that trigger an audit event? It's a new feature for v5.10 and looks to accomplish most of what you are looking for with this patch. * https://www.paul-moore.com/blog/d/2020/12/linux_v510.html