selinux: Only audit permissions specified in policy - kernel

diff options

author	Stephen Smalley <[email protected]>	2010-02-02 16:31:51 +0000
committer	James Morris <[email protected]>	2010-02-02 21:49:10 +0000
commit	b6cac5a30b325e14cda425670bb3568d3cad0aa8 (patch)
tree	276a3a2a985c862ac9439cb2f8facabb7d1f1944 /security/selinux/hooks.c
parent	TOMOYO: Remove usage counter for temporary memory. (diff)
download	kernel-b6cac5a30b325e14cda425670bb3568d3cad0aa8.tar.gz kernel-b6cac5a30b325e14cda425670bb3568d3cad0aa8.zip

selinux: Only audit permissions specified in policy

Only audit the permissions specified by the policy rules. Before: type=AVC msg=audit(01/28/2010 14:30:46.690:3250) : avc: denied { read append } for pid=14092 comm=foo name=test_file dev=dm-1 ino=132932 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_tmp_t:s0 tclass=file After: type=AVC msg=audit(01/28/2010 14:52:37.448:26) : avc: denied { append } for pid=1917 comm=foo name=test_file dev=dm-1 ino=132932 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_tmp_t:s0 tclass=file Reference: https://bugzilla.redhat.com/show_bug.cgi?id=558499 Reported-by: Tom London <[email protected]> Signed-off-by: Stephen D. Smalley <[email protected]> Signed-off-by: James Morris <[email protected]>

Diffstat (limited to 'security/selinux/hooks.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: