Re: [PATCH v2 2/2] selinux: add basic filtering for audit trace events

2020-08-13 Thread Steven Rostedt
On Thu, 13 Aug 2020 20:18:55 +0200 peter enderborg wrote: > > The "%p" gets obfuscated when printed from the trace file by default > > now. But they are consistent (where the same pointer shows up as the > > same hash). > > > > It's used mainly to map together events. For example, if you print th

Re: [PATCH v2 2/2] selinux: add basic filtering for audit trace events

2020-08-13 Thread peter enderborg
On 8/13/20 7:38 PM, Steven Rostedt wrote: > On Thu, 13 Aug 2020 19:14:10 +0200 > peter enderborg wrote: > >>> To be clear, userspace tools can't use fixed secid values because >>> secids are dynamically assigned by SELinux and thus secid 42 need >>> not correspond to the same security context acro

Re: [PATCH v2 2/2] selinux: add basic filtering for audit trace events

2020-08-13 Thread Steven Rostedt
On Thu, 13 Aug 2020 19:14:10 +0200 peter enderborg wrote: > > To be clear, userspace tools can't use fixed secid values because > > secids are dynamically assigned by SELinux and thus secid 42 need > > not correspond to the same security context across different boots > > even with the same kerne

Re: [PATCH v2 2/2] selinux: add basic filtering for audit trace events

2020-08-13 Thread peter enderborg
On 8/13/20 5:49 PM, Stephen Smalley wrote: > On 8/13/20 11:35 AM, peter enderborg wrote: > >> On 8/13/20 5:05 PM, Casey Schaufler wrote: >>> On 8/13/2020 7:48 AM, Thiébaud Weksteen wrote: From: Peter Enderborg This patch adds further attributes to the event. These attributes are >>>

Re: [PATCH v2 2/2] selinux: add basic filtering for audit trace events

2020-08-13 Thread Stephen Smalley
On 8/13/20 11:35 AM, peter enderborg wrote: On 8/13/20 5:05 PM, Casey Schaufler wrote: On 8/13/2020 7:48 AM, Thiébaud Weksteen wrote: From: Peter Enderborg This patch adds further attributes to the event. These attributes are helpful to understand the context of the message and can be used t

Re: [PATCH v2 2/2] selinux: add basic filtering for audit trace events

2020-08-13 Thread peter enderborg
On 8/13/20 5:05 PM, Casey Schaufler wrote: > On 8/13/2020 7:48 AM, Thiébaud Weksteen wrote: >> From: Peter Enderborg >> >> This patch adds further attributes to the event. These attributes are >> helpful to understand the context of the message and can be used >> to filter the events. >> >> There

Re: [PATCH v2 2/2] selinux: add basic filtering for audit trace events

2020-08-13 Thread Casey Schaufler
On 8/13/2020 7:48 AM, Thiébaud Weksteen wrote: > From: Peter Enderborg > > This patch adds further attributes to the event. These attributes are > helpful to understand the context of the message and can be used > to filter the events. > > There are three common items. Source context, target conte