On Sun, 2009-09-20 at 21:37 -0400, Eric Paris wrote:

> This patch allows policy to specify a new type of dontaudit rule. It does not
> follow the normal semantics of a kernel permission. allow and auditallow
> rules with this permission are completely meaningless. The kernel will accept
> a policy with such rules, but they do absolutely nothing. What actually
> happens is that if a process calls access() (or faccessat()) and SELinux
> denies their request we will check for a dontaudit rule on the "audit_access"
> permission. If there is a dontaudit rule on "audit_access" we will not print
> an AVC. If there is no dontaudit rule we will print the AVC for the
> permissions requested. Namely read, write, or exec. There will NEVER be a
> denial message with the "audit_access" permission. Such a message would be
> meaningless as this permission does not in ANY WAY control security decisions.

This patch depends on:

http://marc.info/?l=linux-fsdevel&m=125349667323054&w=2

Which I forgot to cc selinux-list and friends on.

-Eric
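As an added illustration of the semantics described in the quoted patch text (this is not code from the patch or the thread), here is a constructed type-enforcement fragment. The domain and type names myapp_t and myapp_data_t are hypothetical, and it assumes a kernel and policy in which the file class defines the audit_access permission, as the patch introduces.

```selinux
# Constructed example: myapp_t reads its data files but first probes them
# with access(R_OK|W_OK|X_OK) to decide what to do. Names are hypothetical.
type myapp_t;
type myapp_data_t;

# The actual security decision: read is allowed, write and execute are not.
allow myapp_t myapp_data_t:file { read getattr open };

# Without the dontaudit rule below, every access(W_OK) or access(X_OK) probe
# that the kernel denies produces an AVC denial for "write" or "execute",
# even though the program never tried to write or execute the file.

# With this rule, a denied access()/faccessat() call is not audited at all.
# It grants nothing: write and execute remain denied; only the AVC message
# for denied access() probes is suppressed. A denied open(O_WRONLY) is still
# audited, because that path never consults audit_access.
dontaudit myapp_t myapp_data_t:file audit_access;

# Meaningless per the patch description: the kernel accepts the rule but it
# has no effect, and no denial is ever logged with the audit_access permission.
# allow myapp_t myapp_data_t:file audit_access;
```

When tuning such a rule, check that the AVCs being silenced really come from access()/faccessat() probes; denials from real read, write or open attempts are unaffected by it and still need a proper allow rule or a code fix.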