On Sun, 2009-04-05 at 10:46 +0200, Etienne Basset wrote: > the following 2 patches implements auditing of security events for Smack. > It tries to implement what Eric Paris suggested, and moves shareable code > to include/linux/lsm_audit.h and security/lsm_audit.c. > Smack specific logging functions are now defined in smack_access.c
> type=1400 audit(1238919813.116:21): SMACK[smack_inode_getattr]: action=denied > subject="FOO" object="etienne" requested=r pid=6679 comm="bash" > path="/home/etienne/Desktop" dev=sda8ino=1237000 Can we make SMACK[smack_inode_getarr] into key=value pairs too and get rid of that extra ':'? Anyone have naming suggestions? lsm=SMACK function=smack_inode_getattr also: dev=sda8ino=1237000 I'm guessing that was just a typo of you putting the example into the e-mail, but you may want to double check. -Eric -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
