Open Source and information security mailing list archives
Date:   Thu, 6 Aug 2020 09:45:50 -0400
From:   Stephen Smalley <stephen.smalley.work@...il.com>
To:     peter enderborg <peter.enderborg@...y.com>,
        Thiébaud Weksteen <tweek@...gle.com>,
        Paul Moore <paul@...l-moore.com>
Cc:     Nick Kralevich <nnk@...gle.com>,
        Eric Paris <eparis@...isplace.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>,
        Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Rob Herring <robh@...nel.org>, Arnd Bergmann <arnd@...db.de>,
        linux-kernel@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [PATCH 2/2] selinux: add attributes to avc tracepoint

On 8/6/20 8:32 AM, Stephen Smalley wrote:

> On 8/6/20 8:24 AM, peter enderborg wrote:
>
>> On 8/6/20 2:11 PM, Stephen Smalley wrote:
>>> On 8/6/20 4:03 AM, Thiébaud Weksteen wrote:
>>>
>>>> From: Peter Enderborg <peter.enderborg@...y.com>
>>>>
>>>> Add further attributes to filter the trace events from AVC.
>>> Please include sample usage and output in the description.
>>>
>>>
>> I'm not sure where you want it to be.
>>
>> In the commit message or in a Documentation/trace/events-avc.rst ?
>
> I was just asking for it in the commit message / patch description.  I 
> don't know what is typical for Documentation/trace.

For example, I just took the patches for a spin, running the 
selinux-testsuite under perf like so:

sudo perf record -e avc:selinux_audited -g make test

and then ran:

sudo perf report -g

and a snippet of sample output included:

      6.40%     6.40%  requested=0x800000 denied=0x800000 audited=0x800000 result=-13 ssid=922 tsid=922 scontext=unconfined_u:unconfined_r:test_binder_mgr_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:test_binder_mgr_t:s0-s0:c0.c1023 tclass=capability
             |
             ---0x495641000028933d
                __libc_start_main
                |
                |--4.60%--__GI___ioctl
                |          entry_SYSCALL_64
                |          do_syscall_64
                |          __x64_sys_ioctl
                |          ksys_ioctl
                |          binder_ioctl
                |          binder_set_nice
                |          can_nice
                |          capable
                |          security_capable
                |          cred_has_capability.isra.0
                |          slow_avc_audit
                |          common_lsm_audit
                |          avc_audit_post_callback
                |          avc_audit_post_callback
                |
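
An added example, not part of the original message or the patch: a small Python parser for the event fields shown in the sample output above, grouping denied events by source type, target type, class and denied mask. The second sample line and all function names are constructed for illustration.

```python
import errno
import re
from collections import Counter

# Constructed input: line 1 is the event quoted in the message above (with the
# mail line-wrapping undone); line 2 is an invented granted-but-audited event.
SAMPLE = (
    "requested=0x800000 denied=0x800000 audited=0x800000 result=-13 "
    "ssid=922 tsid=922 "
    "scontext=unconfined_u:unconfined_r:test_binder_mgr_t:s0-s0:c0.c1023 "
    "tcontext=unconfined_u:unconfined_r:test_binder_mgr_t:s0-s0:c0.c1023 "
    "tclass=capability\n"
    "requested=0x2 denied=0x0 audited=0x2 result=0 ssid=10 tsid=11 "
    "scontext=system_u:system_r:example_t:s0 "
    "tcontext=system_u:object_r:example_file_t:s0 tclass=file\n"
)

FIELD = re.compile(r"(\w+)=(\S+)")
INT_FIELDS = ("requested", "denied", "audited", "result", "ssid", "tsid")

def se_type(context):
    """Return the type component of a user:role:type[:range] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_event(line):
    """Parse one event line into a dict; return None if fields are missing."""
    ev = dict(FIELD.findall(line))
    if not all(k in ev for k in INT_FIELDS + ("scontext", "tcontext", "tclass")):
        return None
    for key in INT_FIELDS:
        ev[key] = int(ev[key], 0)  # base 0 accepts 0x... and signed decimal
    ev["errno"] = errno.errorcode.get(-ev["result"], "") if ev["result"] < 0 else ""
    ev["stype"], ev["ttype"] = se_type(ev["scontext"]), se_type(ev["tcontext"])
    return ev

def summarize_denials(text):
    """Count events with denied bits, keyed by (stype, ttype, tclass, mask)."""
    counts = Counter()
    for line in text.splitlines():
        ev = parse_event(line)
        if ev and ev["denied"]:
            counts[(ev["stype"], ev["ttype"], ev["tclass"], hex(ev["denied"]))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE).items():
        print(n, *key)
```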
