From: Eric Paris <eparis@redhat.com>
To: Etienne Basset <etienne.basset@numericable.fr>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
LSM <linux-security-module@vger.kernel.org>,
linux-audit@redhat.com
Subject: Re: [PATCH 0/2] security/smack implement logging V2
Date: Mon, 06 Apr 2009 11:34:26 -0400 [thread overview]
Message-ID: <1239032066.4009.5.camel@localhost.localdomain> (raw)
In-Reply-To: <49D86FFA.1010507@numericable.fr>
On Sun, 2009-04-05 at 10:46 +0200, Etienne Basset wrote:
> the following 2 patches implements auditing of security events for Smack.
> It tries to implement what Eric Paris suggested, and moves shareable code
> to include/linux/lsm_audit.h and security/lsm_audit.c.
> Smack specific logging functions are now defined in smack_access.c
> type=1400 audit(1238919813.116:21): SMACK[smack_inode_getattr]: action=denied subject="FOO" object="etienne" requested=r pid=6679 comm="bash" path="/home/etienne/Desktop" dev=sda8ino=1237000
Can we make SMACK[smack_inode_getarr] into key=value pairs too and get
rid of that extra ':'? Anyone have naming suggestions?
lsm=SMACK function=smack_inode_getattr
also: dev=sda8ino=1237000 I'm guessing that was just a typo of you
putting the example into the e-mail, but you may want to double check.
-Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Paris <eparis@redhat.com>
To: Etienne Basset <etienne.basset@numericable.fr>
Cc: LSM <linux-security-module@vger.kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-audit@redhat.com,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
sgrubb@redhat.com, sds@tycho.nsa.gov
Subject: Re: [PATCH 0/2] security/smack implement logging V2
Date: Mon, 06 Apr 2009 11:34:26 -0400 [thread overview]
Message-ID: <1239032066.4009.5.camel@localhost.localdomain> (raw)
In-Reply-To: <49D86FFA.1010507@numericable.fr>
On Sun, 2009-04-05 at 10:46 +0200, Etienne Basset wrote:
> the following 2 patches implements auditing of security events for Smack.
> It tries to implement what Eric Paris suggested, and moves shareable code
> to include/linux/lsm_audit.h and security/lsm_audit.c.
> Smack specific logging functions are now defined in smack_access.c
> type=1400 audit(1238919813.116:21): SMACK[smack_inode_getattr]: action=denied subject="FOO" object="etienne" requested=r pid=6679 comm="bash" path="/home/etienne/Desktop" dev=sda8ino=1237000
Can we make SMACK[smack_inode_getarr] into key=value pairs too and get
rid of that extra ':'? Anyone have naming suggestions?
lsm=SMACK function=smack_inode_getattr
also: dev=sda8ino=1237000 I'm guessing that was just a typo of you
putting the example into the e-mail, but you may want to double check.
-Eric
next prev parent reply other threads:[~2009-04-06 15:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-05 8:46 [PATCH 0/2] security/smack implement logging V2 Etienne Basset
2009-04-06 15:34 ` Eric Paris [this message]
2009-04-06 15:34 ` Eric Paris
2009-04-06 16:49 ` Etienne Basset
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1239032066.4009.5.camel@localhost.localdomain \
--to=eparis@redhat.com \
--cc=etienne.basset@numericable.fr \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.