On Thu, 18 Jun 2009, KaiGai Kohei wrote:

> [PATCH] Add audit messages on type boundary violations
>
> The attached patch adds support to generate audit messages on two cases.
>
> The first one is a case when a multi-thread process tries to switch its
> performing security context using setcon(3), but new security context is
> not bounded by the old one.
>
> type=SELINUX_ERR msg=audit(1245311998.599:17): \
> op=security_bounded_transition result=denied \
> oldcontext=system_u:system_r:httpd_t:s0 \
> newcontext=system_u:system_r:guest_webapp_t:s0
>
> The other one is a case when security_compute_av() masked any permissions
> due to the type boundary violation.
>
> type=SELINUX_ERR msg=audit(1245312836.035:32): \
> op=security_compute_av reason=bounds \
> scontext=system_u:object_r:user_webapp_t:s0 \
> tcontext=system_u:object_r:shadow_t:s0:c0 \
> tclass=file perms=getattr,open
>
>
> Signed-off-by: KaiGai Kohei <kaigai@xxxxxxxxxxxxx>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

--
James Morris
<jmorris@xxxxxxxxx>