On Wednesday 23 May 2007 11:45, John Dennis wrote:
> There are two fields in AVC audit messages which do not have a name, the
> result and the access permissions (what is inside the braces {}).

Yes, I brought this up on the SE Linux mail list.

> I see in auparse they have been named "seresults" and "seperms"
> respectively.
>
> Why is "seresults" plural? It's a single value, isn't it?

Hmm...might be a typo.

> Are these names in wide use?

Probably not.

> I ask because for sanity's sake I don't want to be in the business of
> translating names between libraries, just too confusing, let's aim for
> consistency. My general impression was "access" was the way that items inside
> the braces were referred to in much of the SELinux documentation. So based
> on what is out in the field and anticipated usage should we be using:
>
> "grant" & "access"
>
> -OR-
>
> "seresults" & "seperms" (seresult?)

http://www.nsa.gov/selinux/list-archive/0701/19061.cfm

-Steve
