linux-audit / audit-kernel

GitHub mirror of the Linux Kernel's audit repository
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
Other
140 stars 37 forks source link

Q: normalize AUDIT_SELINUX_ERR records #49

Closed rgbriggs closed 6 years ago

rgbriggs commented 7 years ago

@stevegrubb Are these worth normalizing the listed fields?

Should "oldcontext" be switched to "old-scontext", "newcontext" to "scontext", "taskcontext" to "tcontext"?

stevegrubb commented 7 years ago

Sure. That said, you'd need permission from selinux community to mess with their events.

pcmoore commented 6 years ago

I'm really not sure this is worth the risk; we stand a reasonable chance of breaking stuff (setroubleshoot, audit2allow, etc.) simply so the output is a little more consistent. Consistency is nice, but I think we missed our opportunity here.

Perhaps most importantly, as the SELinux kernel maintainer I'm going to NACK this for the time being, so let's close this as WONTFIX.