On Sat, 1 Apr 2023 at 02:43, Steven Moreland <smoreland@xxxxxxxxxx> wrote: > > From: smore-lore <45954464+smore-lore@xxxxxxxxxxxxxxxxxxxxxxxx> > > The kernel-based logs only have one space. I don't think they have: https://github.com/SELinuxProject/selinux-kernel/blob/dd43102acca0836f5e50746c47c258be1ef9060c/security/selinux/avc.c#L674 > So, many scripts need to > parse 'avc: denied' and 'avc: denied'. Also, I frequently have > developers missing denials because they grep for the single space > version locally. > > Signed-off-by: Steven Moreland <smoreland@xxxxxxxxxx> > --- > libselinux/src/avc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c > index 8d5983a2..8fdb2389 100644 > --- a/libselinux/src/avc.c > +++ b/libselinux/src/avc.c > @@ -711,7 +711,7 @@ void avc_audit(security_id_t ssid, security_id_t tsid, > /* prevent overlapping buffer writes */ > avc_get_lock(avc_log_lock); > snprintf(avc_audit_buf, AVC_AUDIT_BUFSIZE, > - "%s: %s ", avc_prefix, (denied || !requested) ? "denied" : "granted"); > + "%s: %s ", avc_prefix, (denied || !requested) ? "denied" : "granted"); > avc_dump_av(tclass, audited); > log_append(avc_audit_buf, " for "); > > -- > 2.40.0.348.gf938b09366-goog >
