From mboxrd@z Thu Jan  1 00:00:00 1970
From: Etienne Basset <etienne.basset@numericable.fr>
Subject: Re: [PATCH 2/2] security/smack implement logging V3
Date: Mon, 13 Apr 2009 21:39:40 +0200
Message-ID: <49E394FC.5040805@numericable.fr>
References: <49DCEF86.4090909@numericable.fr> <1239648807.4320.4.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <1239648807.4320.4.camel@localhost.localdomain>
Sender: linux-security-module-owner@vger.kernel.org
To: Eric Paris <eparis@redhat.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>, LSM <linux-security-module@vger.kernel.org>, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Eric Paris wrote:
> On Wed, 2009-04-08 at 20:40 +0200, Etienne Basset wrote:
>> the following patch, add logging of Smack security decisions. 
>> This is of course very useful to understand what your current smack policy does.
>> As suggested by Casey, it also now forbids labels with ', " or \
>>
>> It introduces a '/smack/logging' switch :
>> 0: no logging
>> 1: log denied (default)
>> 2: log accepted 
>> 3: log denied&accepted 
>>
>>
>> Signed-off-by: Etienne Basset <etienne.basset@numericable.fr>
> 
> Acked-by: Eric Paris <eparis@redhat.com>
> 
thanks!

> I don't think it's worth doing now, but if for some reason you have to
> make another round....
> 
> smk_ad_setfield_u_tsk and friends could be generic functions since
> SELinux could use them just as well to clear up some of their code.
> 

well, we need these in Smack to cover the !CONFIG_AUDIT case
Since SELinux does depend on AUDIT, i dont think they will need this

regards
Etienne