How about permitted rather then allowed. On 04/29/2014 10:59 PM, Eric Paris wrote: > On Tue, 2014-04-29 at 16:54 -0700, Stephen Smalley wrote: >> Requested for Android in order to distinguish denials that are not in >> fact breaking anything yet due to permissive domains versus denials >> that are being enforced, but seems generally useful. result field was >> already in the selinux audit data structure and was being passed to >> avc_audit() but wasn't being used. Seems to cause no harm to ausearch >> or audit2allow to add it as a field. Comments? > I think it's a great idea, but I'm worried that Steve is going to get > grumpy because an AVC record is going to have a result= field which is > similar, but not necessarily related to the res= field of a SYSCALL > record. Seems easily confused (although probably 9999 times out of > 10000 they will be the same) > > So while I wholeheartedly think we should take the idea, I wonder if > someone can dream up a name that isn't confusingly similar... > > I can't think of anything... > > -Eric > > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
