[PATCH 0/2] security/smack implement logging V2
Etienne Basset
etienne.basset at numericable.fr
Mon Apr 6 16:49:59 UTC 2009
Eric Paris wrote:
> On Sun, 2009-04-05 at 10:46 +0200, Etienne Basset wrote:
>
>> the following 2 patches implements auditing of security events for Smack.
>> It tries to implement what Eric Paris suggested, and moves shareable code
>> to include/linux/lsm_audit.h and security/lsm_audit.c.
>> Smack specific logging functions are now defined in smack_access.c
>
>
>> type=1400 audit(1238919813.116:21): SMACK[smack_inode_getattr]: action=denied subject="FOO" object="etienne" requested=r pid=6679 comm="bash" path="/home/etienne/Desktop" dev=sda8ino=1237000
>
> Can we make SMACK[smack_inode_getarr] into key=value pairs too and get
> rid of that extra ':'? Anyone have naming suggestions?
>
> lsm=SMACK function=smack_inode_getattr
>
yes, sure. Maybe just :
lsm=SMACK fn=smack_inode_getattr
I want as much info as possible with as less characters as possible (is this english? :) )
> also: dev=sda8ino=1237000 I'm guessing that was just a typo of you
> putting the example into the e-mail, but you may want to double check.
>
yeah, bad cut&paste, sorry about that
Etienne
More information about the Linux-audit
mailing list