Re: [PATCH v3 3/3] selinux: add permission names to trace event

From: Stephen Smalley
Date: Mon Aug 17 2020 - 16:13:40 EST

Next message: Arvind Sankar: "Re: [PATCH v2] lib/string.c: implement stpcpy"
Previous message: Rob Herring: "Re: [PATCH v3 43/44] dt: document HiSilicon SPMI controller and mfd/regulator properties"
In reply to: Thiébaud Weksteen: "[PATCH v3 3/3] selinux: add permission names to trace event"
Next in thread: Steven Rostedt: "Re: [PATCH v3 3/3] selinux: add permission names to trace event"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/17/20 1:07 PM, Thiébaud Weksteen wrote:

From: Peter Enderborg <peter.enderborg@xxxxxxxx>

In the print out add permissions, it will look like:
<...>-1042 [007] .... 201.965142: selinux_audited:
requested=0x4000000 denied=0x4000000 audited=0x4000000
result=-13
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:bin_t:s0
tclass=file permissions={ !entrypoint }

This patch is adding the "permissions={ !entrypoint }".
The permissions preceded by "!" have been denied and the permissions
without have been accepted.

Note that permission filtering is done on the audited, denied or
requested attributes.

Suggested-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
Suggested-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Reviewed-by: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Signed-off-by: Peter Enderborg <peter.enderborg@xxxxxxxx>
---

Does this require a corresponding patch to userspace? Otherwise, I get the following:

libtraceevent: No such file or directory
[avc:selinux_audited] function avc_trace_perm_to_name not defined

Next message: Arvind Sankar: "Re: [PATCH v2] lib/string.c: implement stpcpy"
Previous message: Rob Herring: "Re: [PATCH v3 43/44] dt: document HiSilicon SPMI controller and mfd/regulator properties"
In reply to: Thiébaud Weksteen: "[PATCH v3 3/3] selinux: add permission names to trace event"
Next in thread: Steven Rostedt: "Re: [PATCH v3 3/3] selinux: add permission names to trace event"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]