AVC field names
John Dennis
jdennis at redhat.com
Wed May 23 15:45:47 UTC 2007
There are two fields in AVC audit messages which do not have a name, the
result and the access permissions (what is inside the braces {}).
In setroubleshoot we named the result "grant" and we named the access
permissions "access".
I see in auparse they have been named "seresults" and "seperms"
respectively.
Why is "seresults" plural? It's a single value isn't it?
Are these names in wide use? I ask because for sanity sake I don't want
to be in the business of translating names between libraries, just too
confusing, let's aim for consistency. My general impression was "access"
was way that items inside the braces were referred to in much of the
SELinux documentation. So based on what is out in the field and
anticipated usage should we be using:
"grant" & "access"
-OR-
"seresults" & "seperms" (seresult?)
I'll change one or the other, just don't want to have both in play at
the same time.
--
John Dennis <jdennis at redhat.com>
More information about the Linux-audit
mailing list