[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH 1/2] SELinux Context Label based audit filtering



On Fri, 2006-02-03 at 10:20 -0500, Steve Grubb wrote:
> On Friday 03 February 2006 10:20, Stephen Smalley wrote:
> > So is the above filter supposed to  be applied to just the terminal
> > component or all of them? 
> 
> I would expect it to be the object that is actually opened rather than any 
> intermediate path components.

Hmm..well, audit system harvests the information for the inodes as the
lookup proceeds, so it ends up with the information for all of them.
And the last one might not even be the terminal component of the
specified path; it may just be the last one before it hit some error
(like a search denial on a directory component).

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]