[PATCH v3 18/23] landlock: Log scoped denials
Paul Moore
paul at paul-moore.com
Mon Jan 6 22:33:07 UTC 2025
On Mon, Jan 6, 2025 at 9:51 AM Mickaël Salaün <mic at digikod.net> wrote:
> On Sat, Jan 04, 2025 at 08:23:53PM -0500, Paul Moore wrote:
> > On Nov 22, 2024 =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic at digikod.net> wrote:
> > >
> > > Add audit support for unix_stream_connect, unix_may_send, task_kill, and
> > > file_send_sigiotask hooks.
> > >
> > > Audit event sample:
> > >
> > > type=LL_DENY [...]: domain=195ba459b blockers=scope_abstract_unix_socket path=00666F6F
> >
> > Similar to 17/23, I believe the SOCKADDR record should already capture
> > the socket address information.
>
> This might not be the case, which is why SELinux and others explicitly
> log it I guess.
I think I may be misunderstanding you, can you point to the section of
SELinux code that you are referring to in your comment?
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list