On Thu, 2009-06-18 at 17:35 +0900, KaiGai Kohei wrote: > By the way, we can find 8 of AUDIT_SELINUX_ERR messages more than > type_attribute_bounds_av(), such as: > > at selinux/hooks.c:4316 > > audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR, > "SELinux: unrecognized netlink message" > " type=%hu for sclass=%hu\n", > nlh->nlmsg_type, isec->sclass); > > Should it be replaced to <key>=<value> style? As long as it doesn't break existing userspace, that is fine with me. Offhand, the only SELINUX_ERR message that is presently parsed by userspace is the compute_sid one, by audit2allow/sepolgen (in order to generate role-type statements when they are missing on a domain transition). And even that is a fairly rare case and could perhaps be changed with minimal disruption. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
