[PATCH v4 0/2] selinux: add detailed tracepoint on audited events

From: Thiébaud Weksteen
Date: Fri Aug 21 2020 - 10:08:58 EST


The audit data currently captures which process and which target
is responsible for a denial. There is no data on where exactly in the
process that call occurred. Debugging can be made easier by adding a
trace point when an event is audited.

This series of patch defines this new trace point and extra attributes
to easily match the tracepoint event with the audit event. It is also
possible to filter the events based on these attributes.

Changes since v3
================
- Remove patch to include decoded permissions.
- Remove extra braces in patch 2.

Changes since v2
================
- Add patch to include decoded permissions.
- Remove ssid and tsid from attributes list.
- Update commit log with more context.

Peter Enderborg (1):
selinux: add basic filtering for audit trace events

Thiébaud Weksteen (1):
selinux: add tracepoint on audited events

MAINTAINERS | 1 +
include/trace/events/avc.h | 53 ++++++++++++++++++++++++++++++++++++++
security/selinux/avc.c | 29 +++++++++++++--------
3 files changed, 72 insertions(+), 11 deletions(-)
create mode 100644 include/trace/events/avc.h

--
2.28.0.297.g1956fa8f8d-goog