On Tue, 2004-11-02 at 11:31, Steve G wrote:
I see the truncated errors repeatedly and often. I don't do anything special, just run strict policy and do basic desktop stuff like checking my email.
I was wondering where the code was that actually does the logging. I see an avc_init function call that takes a logger callback function. I was wondering what is being used for the callback. Is it in user space or kernel?
The issue has to do with the kernel audit framework (linux-2.6.x/kernel/audit.c), which is called by the kernel AVC (linux-2.6.x/security/selinux/avc.c:avc_audit). Userspace AVC is a port of the kernel AVC to userspace, not relevant to this particular bug.