On 8/17/20 1:07 PM, Thiébaud Weksteen wrote:
From: Peter Enderborg <peter.enderb...@sony.com>In the print out add permissions, it will look like: <...>-1042 [007] .... 201.965142: selinux_audited: requested=0x4000000 denied=0x4000000 audited=0x4000000 result=-13 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissions={ !entrypoint } This patch is adding the "permissions={ !entrypoint }". The permissions preceded by "!" have been denied and the permissions without have been accepted. Note that permission filtering is done on the audited, denied or requested attributes. Suggested-by: Steven Rostedt <rost...@goodmis.org> Suggested-by: Stephen Smalley <stephen.smalley.w...@gmail.com> Reviewed-by: Thiébaud Weksteen <tw...@google.com> Signed-off-by: Peter Enderborg <peter.enderb...@sony.com> ---
Does this require a corresponding patch to userspace? Otherwise, I get the following:
libtraceevent: No such file or directory [avc:selinux_audited] function avc_trace_perm_to_name not defined
