Head-banging targets, please
Stephen Smalley
sds at epoch.ncsc.mil
Tue Jan 4 15:47:08 UTC 2005
On Tue, 2005-01-04 at 09:42, Steve G wrote:
> I traced through the code and created a patch for dbus to use libaudit. It now
> works fine. But, I noticed the kernel generated messages have more information in
> them. I guess that's what the audit hook (avc_func_audit) was for.
I'd suggest coordinating with Colin, as he knows the dbus SELinux code
well. Yes, the libselinux AVC constructs a buffer containing the
information it knows plus any supplementary information provided by the
audit callback (e.g. information known only to the caller, in this case
dbusd) and then calls the log callback with the resulting buffer.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list