On Tue, 2005-01-04 at 09:42, Steve G wrote: > I traced through the code and created a patch for dbus to use libaudit. It now > works fine. But, I noticed the kernel generated messages have more information in > them. I guess that's what the audit hook (avc_func_audit) was for. I'd suggest coordinating with Colin, as he knows the dbus SELinux code well. Yes, the libselinux AVC constructs a buffer containing the information it knows plus any supplementary information provided by the audit callback (e.g. information known only to the caller, in this case dbusd) and then calls the log callback with the resulting buffer. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
