libselinux/0010-libselinux-Change-userspace-AVC-setenforce-and-polic.patch
Petr Lautrbach 74de835e2c Rebase on db0f2f382e31 at SELinuxProject
- Use libsepol.so.2
- Convert matchpathcon to selabel_lookup()
- Change userspace AVC setenforce and policy load messages to audit
  format
- Remove trailing slash on selabel_file lookups
- Use kernel status page by default
2020-10-30 12:56:19 +01:00

38 lines
1.2 KiB
Diff

From 7ef5b1854f75056d23e60aabc86706dfed622669 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <chpebeni@linux.microsoft.com>
Date: Tue, 15 Sep 2020 13:33:32 -0400
Subject: [PATCH] libselinux: Change userspace AVC setenforce and policy load
messages to audit format.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libselinux/src/avc_internal.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c
index 572b2159c3ed..53a99a1fe957 100644
--- a/libselinux/src/avc_internal.c
+++ b/libselinux/src/avc_internal.c
@@ -59,7 +59,7 @@ int avc_process_setenforce(int enforcing)
int rc = 0;
avc_log(SELINUX_SETENFORCE,
- "%s: received setenforce notice (enforcing=%d)\n",
+ "%s: op=setenforce lsm=selinux enforcing=%d res=1",
avc_prefix, enforcing);
if (avc_setenforce)
goto out;
@@ -81,7 +81,7 @@ int avc_process_policyload(uint32_t seqno)
int rc = 0;
avc_log(SELINUX_POLICYLOAD,
- "%s: received policyload notice (seqno=%u)\n",
+ "%s: op=load_policy lsm=selinux seqno=%u res=1",
avc_prefix, seqno);
rc = avc_ss_reset(seqno);
if (rc < 0) {
--
2.29.0