On Wed, 2010-01-20 at 15:49 -0500, Daniel J Walsh wrote: > On 01/20/2010 02:50 PM, Stephen Smalley wrote: > > type=PATH msg=audit(01/20/2010 14:43:20.785:41253) : item=0 name=./capable_file/temp_file inode=841249 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:test_file_t:s0 > > Why does path begin with a ./capable_file/temp_file? Because the audit system is collecting the pathname string that was passed to the system call, and that pathname was a relative path. But note the CWD record which enables you to deduce the absolute path. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
