Thanks.
I will check setroubleshootd's plugins and also maybe ask Mr. G, Steve.
I thought reading audit.log was not a good idea, but I couldn't find another way.
It pops up every time the file size differs; the problem is the timing, when
the program reads the size of the file at the very time it is being written.
So, it's best to pop up at 'the exact time' when a violation occurs, like setroubleshoot.
Yes, I know some friends in JP doing the same kind of thing and I will ask them, too.
Setroubleshoot itself looks perfect, but I want to make my own just for my study.
I will work hard and want to contribute to SELinux itself someday...
--
http://intrajp.no-ip.com/ Home Page
2008/9/2 Stephen Smalley <sds@xxxxxxxxxxxxx>
On Mon, 2008-09-01 at 18:06 +0900, Shintaro Fujiwara wrote:
> Hello, I'm Shintaro Fujiwara, writer of segatex.
>
> I wrote a small C program in the latest segatex which pops up a widget
> when a violation occurs, but
> it only reads audit.log, makes another file and periodically compares
> the old one and the new one.
> If the new one differs from the old one, it pops up a widget.
>
> But what I really want to do is something like setroubleshoot,
> which I imagine reads the kernel directly.
>
> I'm making segatex not as an alternative to Redhat's one, but for my own
> pleasure and my study.
>
> I have no experience reading the kernel and don't know how to read kernel
> files at all.
>
> So, if you have time to spare for me, please let me know how to read
> kernel files.
>
> This time, I want to make a small program like setroubleshoot.
>
> Thank you very much in advance.

I believe that setroubleshootd uses an audispd (audit dispatcher) plugin
in order to directly receive copies of audit messages in "real time".
Given that setroubleshootd source code is readily available, you should
be able to study it. You don't need to directly read the audit log
file, nor should you do so.
--
Stephen Smalley
National Security Agency
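The audispd plugin mechanism Stephen points at, shown as an added example that is neither setroubleshoot's code nor segatex's: audispd forks the registered plugin and writes every audit record to the plugin's standard input, one record per line (the `format = string` mode), so the plugin receives each AVC at the moment the kernel emits it instead of polling audit.log for size changes. The record layout below follows the standard `type=AVC ... avc:  denied  { perms } for ... scontext=... tcontext=... tclass=...` format; the sample records, the `struct avc_event` type and the function names are constructed for this example.

```c
/* Minimal audispd-style plugin (added example, not setroubleshoot's code):
 * read audit records from stdin as audispd delivers them, report AVC denials.
 * Build: cc -o avc_watch avc_watch.c */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define FIELD_MAX 128

struct avc_event {
    char denied[FIELD_MAX];   /* permissions inside the braces, e.g. "read write" */
    char scontext[FIELD_MAX]; /* source (process) security context */
    char tcontext[FIELD_MAX]; /* target (object) security context */
    char tclass[FIELD_MAX];   /* object class, e.g. "file" */
    char comm[FIELD_MAX];     /* process name, unquoted */
};

/* Copy the value of "name=" from an audit record into out. The key must be
 * at the start of the record or preceded by a space, so "context" does not
 * match inside "scontext=". Quoted values (comm="httpd") lose their quotes.
 * Returns 1 if the key was found, 0 otherwise. */
static int get_field(const char *rec, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = rec;

    while ((p = strstr(p, name)) != NULL) {
        if ((p == rec || p[-1] == ' ') && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            char stop = ' ';
            size_t i = 0;

            if (*v == '"') {
                stop = '"';
                v++;
            }
            while (v[i] && v[i] != stop && v[i] != '\n' && i + 1 < outsz) {
                out[i] = v[i];
                i++;
            }
            out[i] = '\0';
            return 1;
        }
        p += nlen;
    }
    return 0;
}

/* Parse one audit record. Returns 1 and fills ev when the record is an AVC
 * denial; returns 0 for anything else (granted AVCs, SYSCALL, PATH, ...). */
int parse_avc_denial(const char *rec, struct avc_event *ev)
{
    const char *d, *open, *close;
    size_t len;

    if (strncmp(rec, "type=AVC ", 9) != 0)
        return 0;
    d = strstr(rec, " denied ");           /* "granted" records are not denials */
    if (!d)
        return 0;
    open = strchr(d, '{');
    if (!open)
        return 0;
    open++;
    while (*open == ' ')
        open++;
    close = strchr(open, '}');
    if (!close)
        return 0;
    len = (size_t)(close - open);
    while (len > 0 && open[len - 1] == ' ')
        len--;
    if (len >= sizeof ev->denied)
        len = sizeof ev->denied - 1;
    memcpy(ev->denied, open, len);
    ev->denied[len] = '\0';

    if (!get_field(rec, "scontext", ev->scontext, sizeof ev->scontext) ||
        !get_field(rec, "tcontext", ev->tcontext, sizeof ev->tcontext) ||
        !get_field(rec, "tclass", ev->tclass, sizeof ev->tclass))
        return 0;                          /* malformed: treat as not a denial */
    if (!get_field(rec, "comm", ev->comm, sizeof ev->comm))
        strcpy(ev->comm, "?");
    return 1;
}

int main(void)
{
    char line[8192];
    struct avc_event ev;

    /* Loop until audispd closes our stdin; exiting on EOF lets it restart us. */
    while (fgets(line, sizeof line, stdin) != NULL) {
        if (parse_avc_denial(line, &ev))
            fprintf(stderr, "DENIED { %s } %s -> %s (%s) by %s\n",
                    ev.denied, ev.scontext, ev.tcontext, ev.tclass, ev.comm);
    }
    return 0;
}
```

To have audispd run it, the binary is registered with a file under /etc/audisp/plugins.d/ of the same shape as the shipped syslog.conf (active = yes, direction = out, path = /usr/local/bin/avc_watch, type = always, format = string); the key names are as I remember them from the audit userspace of that era, so check the installed examples. The hand-written field scanner is enough to show the data flow; for anything beyond a study project, the audit package's libauparse does the same parsing and also understands multi-record events.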