[PATCH] selinux: print leading 0x on ioctlcmd audits
Roberts, William C
william.c.roberts at intel.com
Fri Jul 15 19:49:22 UTC 2016
> -----Original Message-----
> From: Steve Grubb [mailto:sgrubb at redhat.com]
> Sent: Friday, July 15, 2016 12:42 PM
> To: Roberts, William C <william.c.roberts at intel.com>
> Cc: Paul Moore <pmoore at redhat.com>; William Roberts
> <bill.c.roberts at gmail.com>; seandroid-list at tycho.nsa.gov;
> selinux at tycho.nsa.gov; linux-audit at redhat.com
> Subject: Re: [PATCH] selinux: print leading 0x on ioctlcmd audits
>
> On Friday, July 15, 2016 7:33:09 PM EDT Roberts, William C wrote:
> > <snip>
> >
> > > > This is important so that people don't make up new ones that do
> > > > the same thing. The ioctlcmd field name should be recorded. Are
> > > > there more that need documenting?
> > >
> > > Steve/William, one of you want to send a patch/PR for the field
> > > dictionary?
> >
> > I'll send it over.
>
> I also asked some other questions. Is this the ioctl number? As in syscall arg a1? I
> need to know if it's the same thing so that I can hook up its translation if so.
Yes, per man ioctl, it's the "request number". Assuming a0 is the file descriptor, then a1 is the
ioctlcmd value.
>
> Thanks,
> -Steve
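
The correlation discussed in this thread, as an added example that is not part of the original messages: it pairs the `ioctlcmd` field of an AVC record with `a1` of the SYSCALL record in the same audit event, reading both as hexadecimal whether or not the leading `0x` is present. The log lines are constructed, and the 16-bit `mask` is an assumption (that `ioctlcmd` carries only the low 16 bits of the request number), not something stated in the thread.

```python
import re
from collections import defaultdict

# Constructed audit records (not from the thread). Event 101 uses the patched
# "0x" form, 102 the older bare-hex form, 103 a request wider than 16 bits.
SAMPLE_LOG = """\
type=AVC msg=audit(1468612162.100:101): avc:  denied  { ioctl } for  pid=900 comm="app" path="/dev/pts/0" ioctlcmd=0x5401 tclass=chr_file
type=SYSCALL msg=audit(1468612162.100:101): arch=c000003e syscall=16 success=no exit=-13 a0=3 a1=5401 a2=7ffc0000 a3=0
type=AVC msg=audit(1468612162.200:102): avc:  denied  { ioctl } for  pid=901 comm="app" path="/dev/pts/1" ioctlcmd=5413 tclass=chr_file
type=SYSCALL msg=audit(1468612162.200:102): arch=c000003e syscall=16 success=no exit=-13 a0=4 a1=5413 a2=7ffc0010 a3=0
type=AVC msg=audit(1468612162.300:103): avc:  denied  { ioctl } for  pid=902 comm="app" path="/dev/ptmx" ioctlcmd=0x5430 tclass=chr_file
type=SYSCALL msg=audit(1468612162.300:103): arch=c000003e syscall=16 success=no exit=-13 a0=5 a1=80045430 a2=7ffc0020 a3=0
"""

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r"(\w+)=(\S+)")

def parse_hex(text):
    """Both fields are hexadecimal; int() accepts the value with or without 0x."""
    return int(text, 16)

def correlate(log, mask=0xFFFF):
    """Pair each AVC ioctlcmd with a1 of the SYSCALL record in the same event.

    mask is an assumption: it treats ioctlcmd as the low 16 bits of a1.
    """
    events = defaultdict(dict)
    for line in log.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(line))
        events[m.group(1)][fields.get("type")] = fields
    results = []
    for event_id, records in sorted(events.items()):
        avc, sc = records.get("AVC", {}), records.get("SYSCALL", {})
        if "ioctlcmd" not in avc or "a1" not in sc:
            continue
        cmd, a1 = parse_hex(avc["ioctlcmd"]), parse_hex(sc["a1"])
        results.append((event_id, cmd, a1, cmd == (a1 & mask)))
    return results

if __name__ == "__main__":
    for event_id, cmd, a1, same in correlate(SAMPLE_LOG):
        print(f"{event_id} ioctlcmd=0x{cmd:x} a1=0x{a1:x} match={same}")
```

Without the leading `0x`, a value such as `5413` in event 102 is indistinguishable from a decimal number to a reader or a tool that does not already know the field is hexadecimal.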