On 8/17/20 1:07 PM, Thiébaud Weksteen wrote:
From: Peter Enderborg <peter.enderborg@xxxxxxxx>

In the print out add permissions, it will look like:

<...>-1042 [007] .... 201.965142: selinux_audited: requested=0x4000000 denied=0x4000000 audited=0x4000000 result=-13 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissions={ !entrypoint }

This patch is adding the "permissions={ !entrypoint }".
The permissions preceded by "!" have been denied and the permissions
without have been accepted.

Note that permission filtering is done on the audited, denied or
requested attributes.

Suggested-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
Suggested-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Reviewed-by: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Signed-off-by: Peter Enderborg <peter.enderborg@xxxxxxxx>
---
Does this require a corresponding patch to userspace? Otherwise, I get the following:
libtraceevent: No such file or directory
[avc:selinux_audited] function avc_trace_perm_to_name not defined
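For readers consuming this tracepoint from text output, the following is an added example (not part of the thread or the patch) that parses a `selinux_audited` line in the format quoted in the commit message and splits `permissions={ ... }` into denied ("!"-prefixed) and accepted names. The function name `parse_selinux_audited` and the returned dictionary layout are assumptions made for illustration; the sample line is the one from the commit message.

```python
import re

# Constructed sample: the trace line quoted in the commit message above.
SAMPLE = ("<...>-1042 [007] .... 201.965142: selinux_audited: "
          "requested=0x4000000 denied=0x4000000 audited=0x4000000 result=-13 "
          "scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 "
          "tcontext=system_u:object_r:bin_t:s0 tclass=file "
          "permissions={ !entrypoint }")

# key=value pairs; a value is either a "{ ... }" group or a run of non-spaces.
_FIELD = re.compile(r"(\w+)=(\{[^}]*\}|\S+)")

def parse_selinux_audited(line):
    """Hypothetical helper: dict for a selinux_audited line, None for other events."""
    marker = "selinux_audited:"
    pos = line.find(marker)
    if pos < 0:
        return None
    fields = dict(_FIELD.findall(line[pos + len(marker):]))
    event = {k: fields.get(k) for k in ("scontext", "tcontext", "tclass")}
    for key in ("requested", "denied", "audited"):
        if key in fields:
            event[key] = int(fields[key], 16)  # access-vector bitmasks are hex
    if "result" in fields:
        event["result"] = int(fields["result"])
    denied, granted = [], []
    # The permissions field is absent when the kernel lacks this patch.
    for name in fields.get("permissions", "").strip("{}").split():
        (denied if name.startswith("!") else granted).append(name.lstrip("!"))
    event["denied_perms"] = denied
    event["granted_perms"] = granted
    return event
```
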