Re: [PATCH 0/2] security/smack implement logging V2

From: Eric Paris
Date: Mon Apr 06 2009 - 11:36:58 EST

Next message: Alan Cox: "[PATCH 13/27] usb: Auto-load cdc_acm module when device opened."
Previous message: Alan Cox: "[PATCH 09/27] blackfin: Subtract ANOMALY_05000230 on quot"
In reply to: Etienne Basset: "[PATCH 0/2] security/smack implement logging V2"
Next in thread: Etienne Basset: "Re: [PATCH 0/2] security/smack implement logging V2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2009-04-05 at 10:46 +0200, Etienne Basset wrote:

> the following 2 patches implements auditing of security events for Smack.
> It tries to implement what Eric Paris suggested, and moves shareable code
> to include/linux/lsm_audit.h and security/lsm_audit.c.
> Smack specific logging functions are now defined in smack_access.c

> type=1400 audit(1238919813.116:21): SMACK[smack_inode_getattr]: action=denied subject="FOO" object="etienne" requested=r pid=6679 comm="bash" path="/home/etienne/Desktop" dev=sda8ino=1237000

Can we make SMACK[smack_inode_getarr] into key=value pairs too and get
rid of that extra ':'? Anyone have naming suggestions?

lsm=SMACK function=smack_inode_getattr

also: dev=sda8ino=1237000 I'm guessing that was just a typo of you
putting the example into the e-mail, but you may want to double check.

-Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "[PATCH 13/27] usb: Auto-load cdc_acm module when device opened."
Previous message: Alan Cox: "[PATCH 09/27] blackfin: Subtract ANOMALY_05000230 on quot"
In reply to: Etienne Basset: "[PATCH 0/2] security/smack implement logging V2"
Next in thread: Etienne Basset: "Re: [PATCH 0/2] security/smack implement logging V2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]