Re: [PATCH v2 1/2] selinux: add tracepoint on denials

From: Stephen Smalley
Date: Fri Aug 14 2020 - 12:52:45 EST

Next message: Asutosh Das: "Re: [PATCH v3 2/2] scsi: ufs: remove several redundant goto statements"
Previous message: Atish Patra: "Re: [PATCH v5 3/9] RISC-V: Implement late mapping page table allocation functions"
In reply to: Thiébaud Weksteen: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Next in thread: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 14, 2020 at 9:05 AM Thiébaud Weksteen <tweek@xxxxxxxxxx> wrote:
>
> On Thu, Aug 13, 2020 at 5:41 PM Stephen Smalley
> <stephen.smalley.work@xxxxxxxxx> wrote:
> >
> > An explanation here of how one might go about decoding audited and
> > tclass would be helpful to users (even better would be a script to do it
> > for them). Again, I know how to do that but not everyone using
> > perf/ftrace will.
>
> What about something along those lines:
>
> The tclass value can be mapped to a class by searching
> security/selinux/flask.h. The audited value is a bit field of the
> permissions described in security/selinux/av_permissions.h for the
> corresponding class.

Sure, I guess that works. Would be nice if we just included the class
and permission name(s) in the event itself but I guess you viewed that
as too heavyweight?

Next message: Asutosh Das: "Re: [PATCH v3 2/2] scsi: ufs: remove several redundant goto statements"
Previous message: Atish Patra: "Re: [PATCH v5 3/9] RISC-V: Implement late mapping page table allocation functions"
In reply to: Thiébaud Weksteen: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Next in thread: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]