lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Aug 2020 08:13:53 -0400 From: Stephen Smalley <stephen.smalley.work@...il.com> To: peter enderborg <peter.enderborg@...y.com> Cc: Thiébaud Weksteen <tweek@...gle.com>, Paul Moore <paul@...l-moore.com>, Nick Kralevich <nnk@...gle.com>, Steven Rostedt <rostedt@...dmis.org>, Eric Paris <eparis@...isplace.org>, Ingo Molnar <mingo@...hat.com>, Mauro Carvalho Chehab <mchehab+huawei@...nel.org>, "David S. Miller" <davem@...emloft.net>, Rob Herring <robh@...nel.org>, linux-kernel <linux-kernel@...r.kernel.org>, SElinux list <selinux@...r.kernel.org> Subject: Re: [PATCH v3 3/3] selinux: add permission names to trace event On Tue, Aug 18, 2020 at 4:11 AM peter enderborg <peter.enderborg@...y.com> wrote: > > On 8/17/20 10:16 PM, Stephen Smalley wrote: > > On 8/17/20 1:07 PM, Thiébaud Weksteen wrote: > > > >> From: Peter Enderborg <peter.enderborg@...y.com> > >> > >> In the print out add permissions, it will look like: > >> <...>-1042 [007] .... 201.965142: selinux_audited: > >> requested=0x4000000 denied=0x4000000 audited=0x4000000 > >> result=-13 > >> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 > >> tcontext=system_u:object_r:bin_t:s0 > >> tclass=file permissions={ !entrypoint } > >> > >> This patch is adding the "permissions={ !entrypoint }". > >> The permissions preceded by "!" have been denied and the permissions > >> without have been accepted. > >> > >> Note that permission filtering is done on the audited, denied or > >> requested attributes. > >> > >> Suggested-by: Steven Rostedt <rostedt@...dmis.org> > >> Suggested-by: Stephen Smalley <stephen.smalley.work@...il.com> > >> Reviewed-by: Thiébaud Weksteen <tweek@...gle.com> > >> Signed-off-by: Peter Enderborg <peter.enderborg@...y.com> > >> --- > >> include/trace/events/avc.h | 11 +++++++++-- > >> security/selinux/avc.c | 36 ++++++++++++++++++++++++++++++++++++ > >> 2 files changed, 45 insertions(+), 2 deletions(-) > >> > >> diff --git a/security/selinux/avc.c b/security/selinux/avc.c > >> index 7de5cc5169af..d585b68c2a50 100644 > >> --- a/security/selinux/avc.c > >> +++ b/security/selinux/avc.c > >> @@ -695,6 +695,7 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) > >> audit_log_format(ab, " } for "); > >> } > >> + > >> /** > >> * avc_audit_post_callback - SELinux specific information > >> * will be called by generic audit code > > > > Also, drop the spurious whitespace change above. > > > > > Is there any other things we need to fix? A part 1&2 now OK? They looked ok to me, but Paul should review them.
Powered by blists - more mailing lists