On Tue, 2004-11-02 at 11:31, Steve G wrote:
> >I see the truncated errors repeatedly and often. I don't do anything special,
> >just run strict policy and do basic desktop stuff like checking my email.
>
> I was wondering where the code was that actually does the logging. I see an
> avc_init function call that takes a logger callback function. I was wondering
> what is being used for the callback. Is it in user space or kernel?

The issue has to do with the kernel audit framework
(linux-2.6.x/kernel/audit.c), which is called by the kernel AVC
(linux-2.6.x/security/selinux/avc.c:avc_audit). Userspace AVC is a port
of the kernel AVC to userspace, not relevant to this particular bug.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency