On Fri, 2017-04-28 at 14:05 +0100, Richard Haines wrote: > Add audit log entry to specify whether the decision was made in > permissive mode/permissive domain or enforcing mode. > > Signed-off-by: Richard Haines <[email protected]>
Thanks, applied. > --- > V2 changes: Remove utilities and follow the kernel way of detecting > whether permissive or not. > > libselinux/src/avc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c > index b1ec57f..96b2678 100644 > --- a/libselinux/src/avc.c > +++ b/libselinux/src/avc.c > @@ -723,6 +723,10 @@ void avc_audit(security_id_t ssid, security_id_t > tsid, > > log_append(avc_audit_buf, " "); > avc_dump_query(ssid, tsid, tclass); > + > + if (denied) > + log_append(avc_audit_buf, " permissive=%u", result ? > 0 : 1); > + > log_append(avc_audit_buf, "\n"); > avc_log(SELINUX_AVC, "%s", avc_audit_buf); >
