[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
audit logging & log callback for avc
- To: SE-Linux <selinux@xxxxxxxxxxxxx>
- Subject: audit logging & log callback for avc
- From: Steve G <linux_4ever@xxxxxxxxx>
- Date: Mon, 31 Oct 2005 07:32:35 -0800 (PST)
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Htvfpo/3zIyiqnGokKCHapRZT6ZnFnvo0DpIiAneKu1YXHU+A78GeINg7Sy8CTlF8G2s45XicjH4ibReewkD+6aI2DFgt51pYNYwp3Q+cTaTDU7zFJSxnptHsLpGSA9eKTve0wepJRCr3YQZX6+tsQ1/Uql39aULjeohLz5OFNs= ;
- Sender: owner-selinux@xxxxxxxxxxxxx
Hello,
I have run across a problem as perhaps the only user of the log callback for
avcs. I want to get the correct uid & loginuid of the user receiving the MAC
denial in the message. For example, in dbus, you could get this message:
Oct 6 20:47:39 devsvr01 dbus: Can't send to audit system: USER_AVC
pid=2426 uid=81 loginuid=-1 message=avc: denied { send_msg } for
scontext=root:system_r:unconfined_t tcontext=user_u:system_r:initrc_t
tclass=dbus
loginuid is unset since dbus is a daemon started by init & uid is the dbus
daemon's uid. The log callback function signature is:
void log_callback (const char *fmt, ...);
So, either the callback needs to have the parameters passed for auid & uid or the
message being generated needs to include this info.
Which way is the best to handle this scenario?
Thanks,
-Steve Grubb
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
This mailing list archive is a service of Copilot Consulting.