On Wednesday, August 12, 2015 10:48:10 PM Paul Moore wrote: > On Wednesday, August 12, 2015 05:38:14 PM Steve Grubb wrote: > > On Wednesday, August 12, 2015 08:40:34 AM Paul Moore wrote: > > > Hello all, > > > > > > I'm currently working on a set of LSM hooks for the new kdbus IPC > > > mechanism > > > and one of the things that I believe we will need to add is a new audit > > > field for the kdbus service name (very similar to the old fashioned dbus > > > service name). I was thinking "kdbus_svc" for the field name, any > > > objections? > > > > What was used on the old dbus events? > > The very generic "service" field name, see the "acquire_svc" example in the > URL below. I believe there is some value in picking a new field name since > 1) the field name is too generic in my opinion and 2) kdbus != dbus. In my book, they are the same. They are programs providing services on the bus. One thing I noticed in the dbus events is that there are a number of user controlled fields that are not escaped. Call it kdbus_svc if you want, but log it untrusted. Thanks, -Steve _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
