[PATCH v3 0/3] selinux: add detailed tracepoint on audited events
From: Thiébaud Weksteen
Date: Mon Aug 17 2020 - 13:24:27 EST
The audit data currently captures which process and which target
is responsible for a denial. There is no data on where exactly in the
process that call occurred. Debugging can be made easier by adding a
trace point when an event is audited.
This series of patch defines this new trace point and extra attributes
to easily match the tracepoint event with the audit event. It is also
possible to filter the events based on these attributes.
Changes since v2
================
- Add patch to include decoded permissions.
- Remove ssid and tsid from attributes list.
- Update commit log with more context.
Peter Enderborg (2):
selinux: add basic filtering for audit trace events
selinux: add permission names to trace event
Thiébaud Weksteen (1):
selinux: add tracepoint on denials
MAINTAINERS | 1 +
include/trace/events/avc.h | 60 ++++++++++++++++++++++++++++++++++++++
security/selinux/avc.c | 59 ++++++++++++++++++++++++++++++++-----
3 files changed, 113 insertions(+), 7 deletions(-)
create mode 100644 include/trace/events/avc.h
--
2.28.0.220.ged08abb693-goog