[PATCH 2/2] security/smack implement logging V3
Etienne Basset
etienne.basset at numericable.fr
Mon Apr 13 19:39:40 UTC 2009
Eric Paris wrote:
> On Wed, 2009-04-08 at 20:40 +0200, Etienne Basset wrote:
>> the following patch, add logging of Smack security decisions.
>> This is of course very useful to understand what your current smack policy does.
>> As suggested by Casey, it also now forbids labels with ', " or \
>>
>> It introduces a '/smack/logging' switch :
>> 0: no logging
>> 1: log denied (default)
>> 2: log accepted
>> 3: log denied&accepted
>>
>>
>> Signed-off-by: Etienne Basset <etienne.basset at numericable.fr>
>
> Acked-by: Eric Paris <eparis at redhat.com>
>
thanks!
> I don't think it's worth doing now, but if for some reason you have to
> make another round....
>
> smk_ad_setfield_u_tsk and friends could be generic functions since
> SELinux could use them just as well to clear up some of their code.
>
well, we need these in Smack to cover the !CONFIG_AUDIT case
Since SELinux does depend on AUDIT, i dont think they will need this
regards
Etienne
More information about the Linux-audit
mailing list