[PATCH 0/2] Improvements to AVC record matching

Marcelo Cerri mhcerri at linux.vnet.ibm.com
Mon Feb 20 18:15:45 UTC 2012


This set of patches is intended to improve how auvirt matches AVC records.
Currently, auvirt just matches AVC records generated by SELinux that have a
guest context as target context.

With the first patch, auvirt will also match records that have a guest context
as source context, which means that denied actions performed by a guest will
also be matched.

The second patch adds similar support for AVC records generated by AppArmor.
With this patch, auvirt will match AVC records generated due to an AppArmor
profile generated by libvirt to a guest. It will also match AVC records whose
target is one of the resources assigned to a guest.


Marcelo Cerri (2):
  auvirt: Improve matching of AVC records generated by SELinux
  auvirt: Add support for AVC records generated by AppArmor

 tools/auvirt/auvirt.c |  276 +++++++++++++++++++++++++++++++++++++++++++++----
 1 files changed, 256 insertions(+), 20 deletions(-)
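
The SELinux matching described in the cover letter, as an added example that is not code from the patch or from auvirt: it reports whether a guest appears as the target context, the source context, or both. It assumes a guest is identified by the level field of its context (sVirt gives each guest its own category pair); `avc_match_guest`, the `MATCH_*` flags and the sample record are hypothetical names and constructed data.

```c
#include <string.h>

enum { MATCH_NONE = 0, MATCH_TARGET = 1, MATCH_SOURCE = 2 };

/* Constructed sample record: a guest process denied access to a host file. */
const char SAMPLE_AVC[] = "type=AVC msg=audit(1329761745.123:456): avc:  denied  { read } for  pid=2101 comm=\"qemu-kvm\" scontext=system_u:system_r:svirt_t:s0:c107,c434 tcontext=system_u:object_r:shadow_t:s0 tclass=file";

/* Copy the value of field "key" from an audit record into out; 0 on success. */
static int get_field(const char *rec, const char *key, char *out, size_t len)
{
    size_t klen = strlen(key);
    const char *p = rec;
    for (; (p = strstr(p, key)) != NULL; p += klen) {
        /* Accept only a whole field name followed by '='. */
        if ((p != rec && p[-1] != ' ') || p[klen] != '=')
            continue;
        size_t n = strcspn(p + klen + 1, " \n");
        if (n >= len)
            return -1;
        memcpy(out, p + klen + 1, n);
        out[n] = '\0';
        return 0;
    }
    return -1;
}

/* Return the level part of "user:role:type:level", or NULL if malformed. */
static const char *ctx_level(const char *ctx)
{
    for (int i = 0; i < 3 && ctx; i++)
        ctx = strchr(ctx, ':') ? strchr(ctx, ':') + 1 : NULL;
    return ctx;
}

/* 1 if the record's context field "key" carries the guest's level. */
static int side_matches(const char *rec, const char *key, const char *level)
{
    char ctx[256];
    const char *l;
    if (get_field(rec, key, ctx, sizeof(ctx)) != 0)
        return 0;
    l = ctx_level(ctx);
    return l != NULL && strcmp(l, level) == 0;
}

/* Hypothetical helper: which side(s) of an SELinux AVC record name the guest. */
int avc_match_guest(const char *rec, const char *guest_level)
{
    return (side_matches(rec, "tcontext", guest_level) ? MATCH_TARGET : 0) |
           (side_matches(rec, "scontext", guest_level) ? MATCH_SOURCE : 0);
}
```

A matcher that checks only `tcontext` returns no match for the sample record, which is the case the first patch is meant to cover.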
