[patch] improved SELinux auditing
Colin Walters
walters at verbum.org
Sun Nov 7 16:08:57 PST 2004
Hi,

While debugging things, right now the only information in the D-BUS
SELinux audit messages is the source and target types. Often, I want to
know exactly what service a process is trying to acquire, or exactly
what message it's sending. For example, here's what happens currently
when Imsep can't acquire org.freedesktop.Imsep:

Nov 7 19:00:39 nexus dbus: avc: denied { acquire_svc } for scontext=user_u:system_r:imsep_master_t tcontext=user_u:system_r:unconfined_t tclass=dbus

After this patch:

Nov 7 19:00:39 nexus dbus: avc: denied { acquire_svc } for service=org.freedesktop.Imsep spid=1555 scontext=user_u:system_r:imsep_master_t tcontext=user_u:system_r:unconfined_t tclass=dbus

Here's what happens currently when it can't send a message:

Nov 7 19:05:05 nexus dbus: avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:imsep_master_t tclass=dbus

And after this patch:

Nov 7 19:05:05 nexus dbus: avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.Imsep.Master member=Acquire dest=org.freedesktop.Imsep spid=1736 tpid=1736 scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:imsep_master_t tclass=dbus

Much more useful for debugging :)

libselinux provides a hook to add auxiliary audit data; this patch just
makes D-BUS use it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-better-selinux-audit.patch
Type: text/x-patch
Size: 8028 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/dbus/attachments/20041107/6d4c4055/dbus-better-selinux-audit.bin
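
The following is an added example, not part of the original message or of the D-BUS patch: a small Python parser that reads the D-BUS AVC lines quoted above and groups denials by source type, permission, target type and the auxiliary data the patch adds. The function names `parse_avc` and `summarize` are hypothetical, and the parser assumes field values contain no whitespace, as in the quoted lines.

```python
import re
from collections import Counter

# The four log lines quoted in the message above (before and after the patch).
SAMPLE = """\
Nov 7 19:00:39 nexus dbus: avc: denied { acquire_svc } for scontext=user_u:system_r:imsep_master_t tcontext=user_u:system_r:unconfined_t tclass=dbus
Nov 7 19:00:39 nexus dbus: avc: denied { acquire_svc } for service=org.freedesktop.Imsep spid=1555 scontext=user_u:system_r:imsep_master_t tcontext=user_u:system_r:unconfined_t tclass=dbus
Nov 7 19:05:05 nexus dbus: avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:imsep_master_t tclass=dbus
Nov 7 19:05:05 nexus dbus: avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.Imsep.Master member=Acquire dest=org.freedesktop.Imsep spid=1736 tpid=1736 scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:imsep_master_t tclass=dbus
"""

AVC_RE = re.compile(r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
CONTEXT_KEYS = ("scontext", "tcontext", "tclass")

def parse_avc(line):
    """Parse one D-BUS AVC line into a dict; return None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # Assumption: key=value pairs are space separated and values have no spaces.
    fields = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    if fields.get("tclass") != "dbus":
        return None
    rec = {"result": m["result"], "perms": m["perms"].split()}
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")  # user:role:type[:level]
        rec[key[0] + "type"] = parts[2] if len(parts) >= 3 else None
    # Everything else is auxiliary audit data; empty on pre-patch lines.
    rec["aux"] = {k: v for k, v in fields.items() if k not in CONTEXT_KEYS}
    return rec

def summarize(lines):
    """Count denials per (source type, permission, target type, object)."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        aux = rec["aux"]
        if "service" in aux:
            what = aux["service"]
        elif "interface" in aux:
            what = f'{aux["interface"]}.{aux.get("member", "?")} -> {aux.get("dest", "?")}'
        else:
            what = "(no auxiliary data)"
        for perm in rec["perms"]:
            counts[(rec["stype"], perm, rec["ttype"], what)] += 1
    return counts
```

Calling `summarize(SAMPLE.splitlines())` yields four distinct keys: the two pre-patch lines can only be bucketed as "(no auxiliary data)", while the post-patch lines identify the service or the method call that was denied.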