Re: [PATCH v2 1/2] selinux: add tracepoint on denials

From: peter enderborg
Date: Fri Aug 14 2020 - 14:50:54 EST

Next message: Uladzislau Rezki: "Re: [PATCH] rcu: shrink each possible cpu krcp"
Previous message: Tobias Schramm: "[PATCH] mmc: mmc_spi: fix timeout calculation"
In reply to: Steven Rostedt: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Next in thread: Steven Rostedt: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/14/20 8:30 PM, Steven Rostedt wrote:
> On Fri, 14 Aug 2020 20:06:34 +0200
> peter enderborg <peter.enderborg@xxxxxxxx> wrote:
>
>> Im find with that, but then you can not do filtering? I would be
>> pretty neat with a filter saying tclass=file permission=write.
>>
> Well, if the mapping is stable, you could do:
>
> (tclass == 6) && (audited & 0x4)

It does not happen to exist a hook for translate strings to numeric values when inserting filter?

> -- Steve

Next message: Uladzislau Rezki: "Re: [PATCH] rcu: shrink each possible cpu krcp"
Previous message: Tobias Schramm: "[PATCH] mmc: mmc_spi: fix timeout calculation"
In reply to: Steven Rostedt: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Next in thread: Steven Rostedt: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]