auditing kdbus service names
Paul Moore
pmoore at redhat.com
Thu Aug 13 02:48:10 UTC 2015
On Wednesday, August 12, 2015 05:38:14 PM Steve Grubb wrote:
> On Wednesday, August 12, 2015 08:40:34 AM Paul Moore wrote:
> > Hello all,
> >
> > I'm currently working on a set of LSM hooks for the new kdbus IPC
> > mechanism
> > and one of the things that I believe we will need to add is a new audit
> > field for the kdbus service name (very similar to the old fashioned dbus
> > service name). I was thinking "kdbus_svc" for the field name, any
> > objections?
>
> What was used on the old dbus events?
The very generic "service" field name, see the "acquire_svc" example in the
URL below. I believe there is some value in picking a new field name since 1)
the field name is too generic in my opinion and 2) kdbus != dbus.
* http://lists.freedesktop.org/archives/dbus/2004-November/001728.html
--
paul moore
security @ redhat
More information about the Linux-audit
mailing list