All of lore.kernel.org
 help / color / mirror / Atom feed
From: Chris PeBenito <chpebeni@linux.microsoft.com>
To: selinux@vger.kernel.org
Cc: sgrubb@redhat.com
Subject: [PATCH 1/2] libselinux: Add additional log callback details in man page for auditing.
Date: Tue, 15 Sep 2020 13:33:31 -0400	[thread overview]
Message-ID: <20200915173332.574700-1-chpebeni@linux.microsoft.com> (raw)

Add additional information about the log callback message types.  Indicate
which types could be audited and the relevant audit record types for them.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
---
 libselinux/man/man3/selinux_set_callback.3 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libselinux/man/man3/selinux_set_callback.3 b/libselinux/man/man3/selinux_set_callback.3
index 6dfe5ff6..75f49b06 100644
--- a/libselinux/man/man3/selinux_set_callback.3
+++ b/libselinux/man/man3/selinux_set_callback.3
@@ -51,6 +51,15 @@ argument indicates the type of message and will be set to one of the following:
 
 .B SELINUX_SETENFORCE
 
+SELINUX_ERROR, SELINUX_WARNING, and SELINUX_INFO indicate standard log severity
+levels and are not auditable messages.
+
+The SELINUX_AVC, SELINUX_POLICYLOAD, and SELINUX_SETENFORCE message types can be
+audited with AUDIT_USER_AVC, AUDIT_USER_MAC_POLICY_LOAD, and AUDIT_USER_MAC_STATUS
+values from libaudit, respectively.  If they are not audited, SELINUX_AVC should be
+considered equivalent to SELINUX_ERROR; similarly, SELINUX_POLICYLOAD and
+SELINUX_SETENFORCE should be considered equivalent to SELINUX_INFO.
+
 .
 .TP
 .B SELINUX_CB_AUDIT
-- 
2.26.2


             reply	other threads:[~2020-09-15 17:34 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-15 17:33 Chris PeBenito [this message]
2020-09-15 17:33 ` [PATCH 2/2] libselinux: Change userspace AVC setenforce and policy load messages to audit format Chris PeBenito
2020-09-15 20:43   ` Stephen Smalley
2020-09-17 20:20     ` Stephen Smalley
2020-09-15 20:44   ` Steve Grubb
2020-09-15 20:41 ` [PATCH 1/2] libselinux: Add additional log callback details in man page for auditing Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200915173332.574700-1-chpebeni@linux.microsoft.com \
    --to=chpebeni@linux.microsoft.com \
    --cc=selinux@vger.kernel.org \
    --cc=sgrubb@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.