* [PATCH 1/2] libselinux: Add additional log callback details in man page for auditing.
@ 2020-09-15 17:33 Chris PeBenito
  2020-09-15 17:33 ` [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format Chris PeBenito
  2020-09-15 20:41 ` [PATCH 1/2] libselinux: Add additional log callback details in man page for auditing Stephen Smalley
  0 siblings, 2 replies; 6+ messages in thread
From: Chris PeBenito @ 2020-09-15 17:33 UTC (permalink / raw)
  To: selinux; +Cc: sgrubb

Add additional information about the log callback message types.  Indicate
which types could be audited and the relevant audit record types for them.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
---
 libselinux/man/man3/selinux_set_callback.3 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libselinux/man/man3/selinux_set_callback.3 b/libselinux/man/man3/selinux_set_callback.3
index 6dfe5ff6..75f49b06 100644
--- a/libselinux/man/man3/selinux_set_callback.3
+++ b/libselinux/man/man3/selinux_set_callback.3
@@ -51,6 +51,15 @@ argument indicates the type of message and will be set to one of the following:
 
 .B SELINUX_SETENFORCE
 
+SELINUX_ERROR, SELINUX_WARNING, and SELINUX_INFO indicate standard log severity
+levels and are not auditable messages.
+
+The SELINUX_AVC, SELINUX_POLICYLOAD, and SELINUX_SETENFORCE message types can be
+audited with AUDIT_USER_AVC, AUDIT_USER_MAC_POLICY_LOAD, and AUDIT_USER_MAC_STATUS
+values from libaudit, respectively.  If they are not audited, SELINUX_AVC should be
+considered equivalent to SELINUX_ERROR; similarly, SELINUX_POLICYLOAD and
+SELINUX_SETENFORCE should be considered equivalent to SELINUX_INFO.
+
 .
 .TP
 .B SELINUX_CB_AUDIT
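Review bot: the new paragraph names the message-type constants in plain text while the list it follows sets them in bold (the .B SELINUX_SETENFORCE line just above); use \fBSELINUX_AVC\fR, \fBSELINUX_POLICYLOAD\fR and so on for consistency with the rest of the page. It would also help callback authors to say what the message string looks like for the three auditable types: patch 2/2 of this series turns them into audit-style key=value fields (op=... lsm=selinux ... res=1) with no trailing newline, which is what a callback handing them to libaudit wants, but a callback that writes the string straight to a stream will have to append the newline itself. One sentence here stating that convention would save a surprise.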
-- 
2.26.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format.
  2020-09-15 17:33 [PATCH 1/2] libselinux: Add additional log callback details in man page for auditing Chris PeBenito
@ 2020-09-15 17:33 ` Chris PeBenito
  2020-09-15 20:43   ` Stephen Smalley
  2020-09-15 20:44   ` Steve Grubb
  2020-09-15 20:41 ` [PATCH 1/2] libselinux: Add additional log callback details in man page for auditing Stephen Smalley
  1 sibling, 2 replies; 6+ messages in thread
From: Chris PeBenito @ 2020-09-15 17:33 UTC (permalink / raw)
  To: selinux; +Cc: sgrubb

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
---
 libselinux/src/avc_internal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c
index 572b2159..53a99a1f 100644
--- a/libselinux/src/avc_internal.c
+++ b/libselinux/src/avc_internal.c
@@ -59,7 +59,7 @@ int avc_process_setenforce(int enforcing)
 	int rc = 0;
 
 	avc_log(SELINUX_SETENFORCE,
-		"%s:  received setenforce notice (enforcing=%d)\n",
+		"%s:  op=setenforce lsm=selinux enforcing=%d res=1",
 		avc_prefix, enforcing);
 	if (avc_setenforce)
 		goto out;
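Review bot: dropping the trailing "\n" from the format string changes what every SELINUX_SETENFORCE log callback receives, not only audit-aware ones; a callback that writes the string verbatim to a stream now emits an unterminated line. That is the right shape for an audit record, but the commit message has no body explaining the new format, and the man page hunk in patch 1/2 does not mention the missing newline; a line in the commit message ("setenforce and policyload messages are now audit key=value fields without a trailing newline") would document the behaviour change. Note also that res=1 is logged before the avc_setenforce check and before anything below it runs, so the record reports success for a notice that has so far only been received.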
@@ -81,7 +81,7 @@ int avc_process_policyload(uint32_t seqno)
 	int rc = 0;
 
 	avc_log(SELINUX_POLICYLOAD,
-		"%s:  received policyload notice (seqno=%u)\n",
+		"%s:  op=load_policy lsm=selinux seqno=%u res=1",
 		avc_prefix, seqno);
 	rc = avc_ss_reset(seqno);
 	if (rc < 0) {
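Review bot: res=1 is emitted before avc_ss_reset(seqno) runs, and the `if (rc < 0)` branch right after it shows the reset can fail, so the AUDIT_USER_MAC_POLICY_LOAD record claims success for a policy load whose cache reset may then be rejected. Consider moving the avc_log() call after the reset and deriving the result from rc, e.g. `"%s:  op=load_policy lsm=selinux seqno=%u res=%d", avc_prefix, seqno, rc < 0 ? 0 : 1`, or emitting a second record with res=0 on the failure path, so the audit trail reflects the outcome rather than the receipt of the notice.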
-- 
2.26.2


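As an added example (not code from libselinux or from this patch set), here is a C sketch of what a consumer of these messages might do: a routing function that applies the rule from the selinux_set_callback(3) text in patch 1/2 (audit the three auditable types when an audit connection is available, otherwise fold them into ERROR/INFO), plus a parser and a detection check for the key=value records that patch 2/2 emits. The SELINUX_* values are copied from libselinux's selinux.h; the libaudit record types and syslog priorities are stood in for by an enum so the file builds with only the C library; the sample messages are constructed.

```c
/* Added example, not libselinux code.  Builds with the C library only. */
#include <stdio.h>
#include <string.h>

/* Message types as numbered in libselinux's <selinux/selinux.h>; include
 * the real header in production instead of repeating them. */
#define SELINUX_ERROR       0
#define SELINUX_WARNING     1
#define SELINUX_INFO        2
#define SELINUX_AVC         3
#define SELINUX_POLICYLOAD  4
#define SELINUX_SETENFORCE  5

/* Where a callback should send a message.  The first three stand in for
 * the libaudit record types named in the man page text, the rest for
 * syslog priorities; a real callback would call libaudit/syslog here. */
enum route {
	ROUTE_AUDIT_USER_AVC,
	ROUTE_AUDIT_USER_MAC_POLICY_LOAD,
	ROUTE_AUDIT_USER_MAC_STATUS,
	ROUTE_SYSLOG_ERR,
	ROUTE_SYSLOG_WARNING,
	ROUTE_SYSLOG_INFO,
	ROUTE_UNKNOWN
};

/* The routing rule from patch 1/2: audit the auditable types when an
 * audit connection is available, otherwise treat AVC as ERROR and the
 * policyload/setenforce notices as INFO. */
enum route route_message(int type, int audit_available)
{
	switch (type) {
	case SELINUX_ERROR:   return ROUTE_SYSLOG_ERR;
	case SELINUX_WARNING: return ROUTE_SYSLOG_WARNING;
	case SELINUX_INFO:    return ROUTE_SYSLOG_INFO;
	case SELINUX_AVC:
		return audit_available ? ROUTE_AUDIT_USER_AVC : ROUTE_SYSLOG_ERR;
	case SELINUX_POLICYLOAD:
		return audit_available ? ROUTE_AUDIT_USER_MAC_POLICY_LOAD : ROUTE_SYSLOG_INFO;
	case SELINUX_SETENFORCE:
		return audit_available ? ROUTE_AUDIT_USER_MAC_STATUS : ROUTE_SYSLOG_INFO;
	default:
		return ROUTE_UNKNOWN; /* a future type: surface it, do not drop it */
	}
}

/* Extract the value of "key=" from a space-separated key=value message such
 * as "avc:  op=setenforce lsm=selinux enforcing=0 res=1".  The "avc:  "
 * prefix is skipped because it contains no '='.  Returns 1 and fills out
 * on success, 0 if the key is absent. */
int parse_field(const char *msg, const char *key, char *out, size_t outsz)
{
	size_t klen = strlen(key);
	const char *p = msg;

	while ((p = strstr(p, key)) != NULL) {
		/* Token boundary before the key and '=' after it, so "enforcing"
		 * does not match inside a field like "old_enforcing". */
		int at_boundary = (p == msg) || (p[-1] == ' ');
		if (at_boundary && p[klen] == '=') {
			const char *v = p + klen + 1;
			size_t vlen = strcspn(v, " \n");
			if (vlen >= outsz)
				vlen = outsz - 1;
			memcpy(out, v, vlen);
			out[vlen] = '\0';
			return 1;
		}
		p += klen;
	}
	return 0;
}

/* Detection check: op=setenforce with enforcing=0 means the userspace
 * object manager has been told to stop enforcing.  1 if so, else 0. */
int is_permissive_switch(const char *msg)
{
	char op[32], enforcing[8];

	if (!parse_field(msg, "op", op, sizeof op) || strcmp(op, "setenforce") != 0)
		return 0;
	if (!parse_field(msg, "enforcing", enforcing, sizeof enforcing))
		return 0;
	return strcmp(enforcing, "0") == 0;
}

int main(void)
{
	/* Constructed samples in the format introduced by patch 2/2. */
	const char *samples[] = {
		"avc:  op=setenforce lsm=selinux enforcing=0 res=1",
		"avc:  op=setenforce lsm=selinux enforcing=1 res=1",
		"avc:  op=load_policy lsm=selinux seqno=7 res=1",
	};
	char seqno[16];
	size_t i;

	for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
		printf("%s -> permissive switch: %d\n",
		       samples[i], is_permissive_switch(samples[i]));
	if (parse_field(samples[2], "seqno", seqno, sizeof seqno))
		printf("policy load seqno=%s\n", seqno);
	return 0;
}
```

The boundary test in parse_field matters once a kernel-style record with both enforcing= and old_enforcing= fields is fed through the same parser; without it a naive strstr would return the wrong value.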

* Re: [PATCH 1/2] libselinux: Add additional log callback details in man page for auditing.
  2020-09-15 17:33 [PATCH 1/2] libselinux: Add additional log callback details in man page for auditing Chris PeBenito
  2020-09-15 17:33 ` [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format Chris PeBenito
@ 2020-09-15 20:41 ` Stephen Smalley
  1 sibling, 0 replies; 6+ messages in thread
From: Stephen Smalley @ 2020-09-15 20:41 UTC (permalink / raw)
  To: Chris PeBenito; +Cc: SElinux list, Steve Grubb

On Tue, Sep 15, 2020 at 1:36 PM Chris PeBenito
<chpebeni@linux.microsoft.com> wrote:
>
> Add additional information about the log callback message types.  Indicate
> which types could be audited and the relevant audit record types for them.
>
> Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>


* Re: [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format.
  2020-09-15 17:33 ` [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format Chris PeBenito
@ 2020-09-15 20:43   ` Stephen Smalley
  2020-09-17 20:20     ` Stephen Smalley
  2020-09-15 20:44   ` Steve Grubb
  1 sibling, 1 reply; 6+ messages in thread
From: Stephen Smalley @ 2020-09-15 20:43 UTC (permalink / raw)
  To: Chris PeBenito; +Cc: SElinux list, Steve Grubb

On Tue, Sep 15, 2020 at 1:37 PM Chris PeBenito
<chpebeni@linux.microsoft.com> wrote:
>
> Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>


* Re: [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format.
  2020-09-15 17:33 ` [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format Chris PeBenito
  2020-09-15 20:43   ` Stephen Smalley
@ 2020-09-15 20:44   ` Steve Grubb
  1 sibling, 0 replies; 6+ messages in thread
From: Steve Grubb @ 2020-09-15 20:44 UTC (permalink / raw)
  To: selinux, Chris PeBenito

On Tuesday, September 15, 2020 1:33:32 PM EDT Chris PeBenito wrote:
> Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
> ---
>  libselinux/src/avc_internal.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c
> index 572b2159..53a99a1f 100644
> --- a/libselinux/src/avc_internal.c
> +++ b/libselinux/src/avc_internal.c
> @@ -59,7 +59,7 @@ int avc_process_setenforce(int enforcing)
>  	int rc = 0;
> 
>  	avc_log(SELINUX_SETENFORCE,
> -		"%s:  received setenforce notice (enforcing=%d)\n",
> +		"%s:  op=setenforce lsm=selinux enforcing=%d res=1",
>  		avc_prefix, enforcing);
>  	if (avc_setenforce)
>  		goto out;
> @@ -81,7 +81,7 @@ int avc_process_policyload(uint32_t seqno)
>  	int rc = 0;
> 
>  	avc_log(SELINUX_POLICYLOAD,
> -		"%s:  received policyload notice (seqno=%u)\n",
> +		"%s:  op=load_policy lsm=selinux seqno=%u res=1",
>  		avc_prefix, seqno);
>  	rc = avc_ss_reset(seqno);
>  	if (rc < 0) {

These look good from an audit perspective.

Thanks,
-Steve




* Re: [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format.
  2020-09-15 20:43   ` Stephen Smalley
@ 2020-09-17 20:20     ` Stephen Smalley
  0 siblings, 0 replies; 6+ messages in thread
From: Stephen Smalley @ 2020-09-17 20:20 UTC (permalink / raw)
  To: Chris PeBenito; +Cc: SElinux list, Steve Grubb

On Tue, Sep 15, 2020 at 4:43 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Tue, Sep 15, 2020 at 1:37 PM Chris PeBenito
> <chpebeni@linux.microsoft.com> wrote:
> >
> > Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
>
> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>

Both applied.

