Re: [PATCH v2 1/2] selinux: add tracepoint on denials

From: Steven Rostedt
Date: Fri Aug 14 2020 - 14:56:53 EST

Next message: Julia Lawall: "Re: fs/ocfs2/suballoc.c:2430:2-8: preceding lock on line 2413"
Previous message: Uladzislau Rezki: "Re: [PATCH] rcu: shrink each possible cpu krcp"
In reply to: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Next in thread: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 14 Aug 2020 20:50:47 +0200
peter enderborg <peter.enderborg@xxxxxxxx> wrote:

> On 8/14/20 8:30 PM, Steven Rostedt wrote:
> > On Fri, 14 Aug 2020 20:06:34 +0200
> > peter enderborg <peter.enderborg@xxxxxxxx> wrote:
> >
> >> Im find with that, but then you can not do filtering? I would be
> >> pretty neat with a filter saying tclass=file permission=write.
> >>
> > Well, if the mapping is stable, you could do:
> >
> > (tclass == 6) && (audited & 0x4)
>
> It does not happen to exist a hook for translate strings to numeric values when inserting filter?
>

How would you imagine such a hook existing?

Something that would be specific to each trace event class, where you
can register at boot up a mapping of names to values? Or a function
that would translate it?

-- Steve

Next message: Julia Lawall: "Re: fs/ocfs2/suballoc.c:2430:2-8: preceding lock on line 2413"
Previous message: Uladzislau Rezki: "Re: [PATCH] rcu: shrink each possible cpu krcp"
In reply to: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Next in thread: peter enderborg: "Re: [PATCH v2 1/2] selinux: add tracepoint on denials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]