On Wed, 2008-05-07 at 11:17 -0400, Eric Paris wrote: > > I assume we do NOT want to use this variant interface when getting > > contexts to display in audit messages, as we want the audit messages to > > correspond to the actual denial and to yield proper policy if turned > > into an allow rule. > > Is there any way we could get them both displayed if there is a > denial? Might be interesting to know both that the denial was > actually unlabeled_t object but also what the 'incorrect' label > was..... Easy to do kernel-side, but requires a new avc audit field that won't cause any complaints by audit userland or tools like audit2allow. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
