There are two fields in AVC audit messages which do not have a name, the
result and the access permissions (what is inside the braces {}).In setroubleshoot we named the result "grant" and we named the access permissions "access". I see in auparse they have been named "seresults" and "seperms" respectively. Why is "seresults" plural? It's a single value isn't it? Are these names in wide use? I ask because for sanity sake I don't want to be in the business of translating names between libraries, just too confusing, let's aim for consistency. My general impression was "access" was way that items inside the braces were referred to in much of the SELinux documentation. So based on what is out in the field and anticipated usage should we be using: "grant" & "access" -OR- "seresults" & "seperms" (seresult?) I'll change one or the other, just don't want to have both in play at the same time. -- John Dennis <[EMAIL PROTECTED]> -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
