[PATCH v3 0/3] selinux: add detailed tracepoint on audited events

From: Thiébaud Weksteen
Date: Mon Aug 17 2020 - 13:24:27 EST

Next message: David Ahern: "[PATCH v2] perf sched timehist: Fix use of CPU list with summary option"
Previous message: Bartosz Golaszewski: "[PATCH v7 1/3] devres: provide devm_krealloc()"
Next in thread: Thiébaud Weksteen: "[PATCH v3 3/3] selinux: add permission names to trace event"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The audit data currently captures which process and which target
is responsible for a denial. There is no data on where exactly in the
process that call occurred. Debugging can be made easier by adding a
trace point when an event is audited.

This series of patch defines this new trace point and extra attributes
to easily match the tracepoint event with the audit event. It is also
possible to filter the events based on these attributes.

Changes since v2
================
- Add patch to include decoded permissions.
- Remove ssid and tsid from attributes list.
- Update commit log with more context.

Peter Enderborg (2):
selinux: add basic filtering for audit trace events
selinux: add permission names to trace event

Thiébaud Weksteen (1):
selinux: add tracepoint on denials

MAINTAINERS | 1 +
include/trace/events/avc.h | 60 ++++++++++++++++++++++++++++++++++++++
security/selinux/avc.c | 59 ++++++++++++++++++++++++++++++++-----
3 files changed, 113 insertions(+), 7 deletions(-)
create mode 100644 include/trace/events/avc.h

--
2.28.0.220.ged08abb693-goog

Next message: David Ahern: "[PATCH v2] perf sched timehist: Fix use of CPU list with summary option"
Previous message: Bartosz Golaszewski: "[PATCH v7 1/3] devres: provide devm_krealloc()"
Next in thread: Thiébaud Weksteen: "[PATCH v3 3/3] selinux: add permission names to trace event"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]