On 1/14/2011 1:17 AM, mohit verma wrote: > hi folks, > can someone help me understand the use of the function > selinux_audit_rule_init <http://lxr.linux.no/linux+*/+code=selinux_audit_rule_init>(u32 <http://lxr.linux.no/linux+*/+code=u32> field <http://lxr.linux.no/linux+*/+code=field>, u32 <http://lxr.linux.no/linux+*/+code=u32> op <http://lxr.linux.no/linux+*/+code=op>, char *rulestr <http://lxr.linux.no/linux+*/+code=rulestr>, void **vrule <http://lxr.linux.no/linux+*/+code=vrule>); > > > does this function gets initialized at initramfs or later on to log the data? i mean i am completely blank at this function. > > thanks in advance to elaborate on it. You will find it called (twice) in kernel/auditfilter.c as security_audit_rule_init. This is an LSM hook. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
