grsecurity forums

[`VL]

that would be very nice to see chain of nested subjects in logs.

If you have big policy with nested subjects, you have a lot of same subjects, being in different chains; for example you have rules for 'mkdir' , executed from differnet scripts.

But in logs now it can only be seen that /bin/mkdir is denied to do something. And which one? There are many,if nested subjects are used.

Usually, it`s quite easy to detect, which one, but after some time if you find something like '/bin/mkdir' denied in logs it`s very hard to determine, which part of policy you have to fix.