[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <07e2c48d-3918-6ceb-a6b2-4e2f18f9ea01@gmail.com>
Date: Thu, 6 Aug 2020 09:45:50 -0400
From: Stephen Smalley <stephen.smalley.work@...il.com>
To: peter enderborg <peter.enderborg@...y.com>,
Thiébaud Weksteen <tweek@...gle.com>,
Paul Moore <paul@...l-moore.com>
Cc: Nick Kralevich <nnk@...gle.com>,
Eric Paris <eparis@...isplace.org>,
Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...hat.com>,
Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Rob Herring <robh@...nel.org>, Arnd Bergmann <arnd@...db.de>,
linux-kernel@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [PATCH 2/2] selinux: add attributes to avc tracepoint
On 8/6/20 8:32 AM, Stephen Smalley wrote:
> On 8/6/20 8:24 AM, peter enderborg wrote:
>
>> On 8/6/20 2:11 PM, Stephen Smalley wrote:
>>> On 8/6/20 4:03 AM, Thiébaud Weksteen wrote:
>>>
>>>> From: Peter Enderborg <peter.enderborg@...y.com>
>>>>
>>>> Add further attributes to filter the trace events from AVC.
>>> Please include sample usage and output in the description.
>>>
>>>
>> Im not sure where you want it to be.
>>
>> In the commit message or in a Documentation/trace/events-avc.rst ?
>
> I was just asking for it in the commit message / patch description. I
> don't know what is typical for Documentation/trace.
For example, I just took the patches for a spin, running the
selinux-testsuite under perf like so:
sudo perf record -e avc:selinux_audited -g make test
and then ran:
sudo perf report -g
and a snippet of sample output included:
6.40% 6.40% requested=0x800000 denied=0x800000
audited=0x800000 result=-13 ssid=922 tsid=922
scontext=unconfined_u:unconfined_r:test_binder_mgr_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:test_binder_mgr_t:s0-s0:c0.c1023
tclass=capability
|
---0x495641000028933d
__libc_start_main
|
|--4.60%--__GI___ioctl
| entry_SYSCALL_64
| do_syscall_64
| __x64_sys_ioctl
| ksys_ioctl
| binder_ioctl
| binder_set_nice
| can_nice
| capable
| security_capable
| cred_has_capability.isra.0
| slow_avc_audit
| common_lsm_audit
| avc_audit_post_callback
| avc_audit_post_callback
|
Powered by blists - more mailing lists