From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Mr Dash Four <mr.dash.four@googlemail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] Add SELinux context support to AUDIT target
Date: Thu, 26 May 2011 19:44:52 +0200
Message-ID: <4DDE9194.4030303@netfilter.org>
In-Reply-To: <4DDE87F5.9050606@googlemail.com>

On 26/05/11 19:03, Mr Dash Four wrote:
>> I think this new information should be added at the end of the string.
>>
> In other words:
>
> type=NETFILTER_PKT msg=audit(1305852240.082:31012): action=0 hook=3
> len=52 inif=? outif=eth0 saddr=10.1.1.7 daddr=10.1.2.1 ipid=16312
> proto=6 sport=56150 dport=22 subj=system_u:object_r:sshd_packet_t:s0
>
> As I am currently discussing this very issue (adding SELinux context to
> AUDIT) on the audit mail list, it was pointed out that "subj" should
> actually be "obj" as this is an object (i.e. a packet) on which this is
> applied, so that would ultimately mean:
>
> type=NETFILTER_PKT msg=audit(1305852240.082:31012): action=0 hook=3
> len=52 inif=? outif=eth0 saddr=10.1.1.7 daddr=10.1.2.1 ipid=16312
> proto=6 sport=56150 dport=22 obj=system_u:object_r:sshd_packet_t:s0

OK, that's fine.

> I also need to check as I think the order is also important, otherwise
> ausearch/aureport may skip this due to "misconfiguration".

I was spotting this because we don't want to break any existing FOSS
application that parses the output. Adding things at the end seems to me
like the better way to avoid this?

So, please, make sure that we don't break anything.
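
The compatibility concern above, as an added example that is not part of the message or the patch: the appended record from the quoted text is run through a hypothetical fixed-order consumer (`parse_legacy`, an assumption about how an existing tool might parse these lines) and through an order-independent name=value parser (`parse_fields`). The `INSERTED` record is constructed here to show a mid-string placement.

```python
import re

# Record text taken from the quoted message; INSERTED is constructed for contrast.
BASE = ("type=NETFILTER_PKT msg=audit(1305852240.082:31012): action=0 hook=3 "
        "len=52 inif=? outif=eth0 saddr=10.1.1.7 daddr=10.1.2.1 ipid=16312 "
        "proto=6 sport=56150 dport=22")
CTX = "obj=system_u:object_r:sshd_packet_t:s0"
APPENDED = BASE + " " + CTX                                # new field at the end
INSERTED = BASE.replace(" len=52", " " + CTX + " len=52")  # new field mid-string

# Hypothetical legacy consumer: expects the original fields in a fixed order,
# anchored at the start of the record but not at its end.
LEGACY = re.compile(
    r"^type=NETFILTER_PKT msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"action=(?P<action>\d+) hook=(?P<hook>\d+) len=(?P<len>\d+) "
    r"inif=(?P<inif>\S+) outif=(?P<outif>\S+) "
    r"saddr=(?P<saddr>\S+) daddr=(?P<daddr>\S+)")


def parse_legacy(record):
    """Return the positional fields, or None if the layout is not recognised."""
    m = LEGACY.match(record)
    return m.groupdict() if m else None


def parse_fields(record):
    """Order-independent parse: every name=value token goes into a dict."""
    fields = {}
    for token in record.split():
        name, sep, value = token.partition("=")
        if sep:
            fields[name] = value
    return fields


if __name__ == "__main__":
    for label, rec in (("appended", APPENDED), ("inserted", INSERTED)):
        print(label, "legacy:", parse_legacy(rec) is not None,
              "obj:", parse_fields(rec).get("obj"))
```

A consumer that anchors its pattern at the end of the line would reject the appended form as well, which is why the existing parsers still need to be checked.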