* AVC field names
@ 2007-05-23 15:45 John Dennis
2007-05-23 15:54 ` Steve Grubb
From: John Dennis @ 2007-05-23 15:45 UTC
To: Steven Grubb, Daniel Walsh; +Cc: linux-audit

There are two fields in AVC audit messages which do not have a name, the
result and the access permissions (what is inside the braces {}).

In setroubleshoot we named the result "grant" and we named the access
permissions "access".

I see in auparse they have been named "seresults" and "seperms"
respectively.

Why is "seresults" plural? It's a single value, isn't it?

Are these names in wide use? I ask because for sanity's sake I don't want
to be in the business of translating names between libraries, just too
confusing, let's aim for consistency. My general impression was "access"
was the way that items inside the braces were referred to in much of the
SELinux documentation. So based on what is out in the field and
anticipated usage should we be using:

"grant" & "access"

-OR-

"seresults" & "seperms" (seresult?)

I'll change one or the other, just don't want to have both in play at
the same time.

--
John Dennis <jdennis@redhat.com>

* Re: AVC field names
From: Steve Grubb @ 2007-05-23 15:54 UTC
To: John Dennis; +Cc: linux-audit

On Wednesday 23 May 2007 11:45, John Dennis wrote:
> There are two fields in AVC audit messages which do not have a name, the
> result and the access permissions (what is inside the braces {}).

Yes, I brought this up on the SE Linux mail list.

> I see in auparse they have been named "seresults" and "seperms"
> respectively.
>
> Why is "seresults" plural? It's a single value, isn't it?

Hmm...might be a typo.

> Are these names in wide use?

Probably not.

> I ask because for sanity's sake I don't want to be in the business of
> translating names between libraries, just too confusing, let's aim for
> consistency. My general impression was "access" was the way that items inside
> the braces were referred to in much of the SELinux documentation. So based
> on what is out in the field and anticipated usage should we be using:
>
> "grant" & "access"
>
> -OR-
>
> "seresults" & "seperms" (seresult?)

http://www.nsa.gov/selinux/list-archive/0701/19061.cfm

-Steve
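
The naming problem discussed in this thread, as an added Python example that is not part of the original messages and is not code from setroubleshoot or auparse: a small AVC record parser that has to invent keys for the unnamed result and the braces, and so needs a translation step when two consumers pick different names. The sample records, the `parse_avc` and `rename` helpers, and the `NAMING` table are constructed for illustration; the key names are the ones quoted in the thread.

```python
import re

# Constructed sample records in the kernel's AVC audit format (not from the thread).
SAMPLE_DENIED = (
    'type=AVC msg=audit(1179935100.123:456): avc:  denied  { read write } for  '
    'pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=98765 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=user_u:object_r:user_home_t:s0 tclass=file'
)
SAMPLE_GRANTED = (
    'type=AVC msg=audit(1179935101.456:457): avc:  granted  { load_policy } for  '
    'pid=2400 comm="load_policy" scontext=root:system_r:load_policy_t:s0 '
    'tcontext=system_u:object_r:security_t:s0 tclass=security'
)

# The two naming schemes named in the thread, as (result key, permissions key).
NAMING = {"setroubleshoot": ("grant", "access"), "auparse": ("seresults", "seperms")}

# The result word and the braces carry no "name="; everything after "for" does.
AVC_RE = re.compile(r'avc:\s+(granted|denied)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(record, scheme="auparse"):
    """Return the record's fields as a dict, naming the two unnamed ones per scheme."""
    m = AVC_RE.search(record)
    if m is None:
        raise ValueError("not an AVC record")
    result_key, perms_key = NAMING[scheme]
    fields = {result_key: m.group(1), perms_key: m.group(2).split()}
    for key, value in PAIR_RE.findall(m.group(3)):
        fields[key] = value.strip('"')
    return fields


def rename(fields, src, dst):
    """Translate the two synthetic keys between schemes; named fields pass through."""
    mapping = dict(zip(NAMING[src], NAMING[dst]))
    return {mapping.get(k, k): v for k, v in fields.items()}


if __name__ == "__main__":
    for rec in (SAMPLE_DENIED, SAMPLE_GRANTED):
        print(parse_avc(rec, "setroubleshoot"))
```

With a single agreed pair of names, `rename` and the `NAMING` table disappear and every consumer of the parsed record can look up the same two keys.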