-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Smalley wrote: > On Wed, 2008-05-07 at 11:17 -0400, Eric Paris wrote: >>> I assume we do NOT want to use this variant interface when getting >>> contexts to display in audit messages, as we want the audit messages to >>> correspond to the actual denial and to yield proper policy if turned >>> into an allow rule. >> Is there any way we could get them both displayed if there is a >> denial? Might be interesting to know both that the denial was >> actually unlabeled_t object but also what the 'incorrect' label >> was..... > > Easy to do kernel-side, but requires a new avc audit field that won't > cause any complaints by audit userland or tools like audit2allow. > Audit2allow would just ignore it. It is searching for name value pairs and drops ones it does not understand. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkgh4TYACgkQrlYvE4MpobPmeQCgqqWyHaFBDiQCjjTj5nTxP3V1 RKoAn0QUac3ZVxhe2vhw0nIWvOscnAGB =+jxw -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
