[RFC 1/1] NetLabel: add audit support for configuration changes

Linda Knippers linda.knippers at hp.com
Wed Sep 27 23:00:27 UTC 2006


Thanks for sending the audit records.

>  # netlabelctl unlbl accept on
> 
> type=UNKNOWN[1406] msg=audit(1159362394.806:420): netlabel: module=unlbl 
> action=accept auid=0 uid=0 euid=0 tty=pts0 pid=6711 comm="netlabelctl"  
> exe="/usr/local/sbin/netlabelctl"
> 
>  (there is also an audit message for "unlbl accept off" which changes
>   "action=accept" to "action=deny")

One nit-picky comment is that once the user-space tools know about the
message type and insert "MAC_UNLBL_ACCEPT" as the type, the module=
and action= fields will be somewhat redundant.  I think the same is
true for the other types of audit records.  You could omit the switch
statement in netlbl_audit_start_common() and shorten the audit records
if we rely on the audit record type to provide that module/action information.

-- ljk



