Re: [PATCH v2 1/2] selinux: add tracepoint on denials

From: Steven Rostedt
Date: Fri Aug 14 2020 - 14:31:02 EST

Next message: Steven Rostedt: "Re: [RFC PATCH] vsprintf: Add %pv extension replacement for print_vma_addr"
Previous message: Marc Zyngier: "Re: [PATCH v4 1/5] of_address: Add bus type match for pci ranges parser"
In reply to: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Next in thread: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 14 Aug 2020 20:06:34 +0200
peter enderborg <peter.enderborg@xxxxxxxx> wrote:

> Im find with that, but then you can not do filtering? I would be
> pretty neat with a filter saying tclass=file permission=write.
>

Well, if the mapping is stable, you could do:

(tclass == 6) && (audited & 0x4)

-- Steve

Next message: Steven Rostedt: "Re: [RFC PATCH] vsprintf: Add %pv extension replacement for print_vma_addr"
Previous message: Marc Zyngier: "Re: [PATCH v4 1/5] of_address: Add bus type match for pci ranges parser"
In reply to: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Next in thread: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]