The audit data currently captures which process and which target is responsible for a denial. There is no data on where exactly in the process that call occurred. Debugging can be made easier by adding a trace point when an event is audited. This series of patch defines this new trace point and extra attributes to easily match the tracepoint event with the audit event. It is also possible to filter the events based on these attributes. Changes since v2 ================ - Add patch to include decoded permissions. - Remove ssid and tsid from attributes list. - Update commit log with more context. Peter Enderborg (2): selinux: add basic filtering for audit trace events selinux: add permission names to trace event Thiébaud Weksteen (1): selinux: add tracepoint on denials MAINTAINERS | 1 + include/trace/events/avc.h | 60 ++++++++++++++++++++++++++++++++++++++ security/selinux/avc.c | 59 ++++++++++++++++++++++++++++++++----- 3 files changed, 113 insertions(+), 7 deletions(-) create mode 100644 include/trace/events/avc.h -- 2.28.0.220.ged08abb693-goog
