Re: [patch] update: _working_ code to add device+inode check toipt_owner.c

[Stephen Smalley]

On Thu, 2004-09-09 at 12:29, Stephen Smalley wrote:
> SELinux already uses d_path when it can when generating audit messages
> (but always includes device and inode information); try reading the
> code.  But a vfsmount is often not available to it at the point of a
> permission check.

But note that you can get more pathname information by enabling the
kernel syscall auditing support, i.e. boot with audit=1.  Then, whenever
SELinux generates an audit message during syscall processing, the audit
framework will also generate an audit message on syscall exit that
includes parameter information, including the supplied pathname (for
what it is worth).  Those audit messages can be tied together based on
serial number.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/