feature request: show nested subjects in logs
Posted: Sun Apr 01, 2007 4:02 pm
that would be very nice to see chain of nested subjects in logs.
If you have big policy with nested subjects, you have a lot of same subjects, being in different chains; for example you have rules for 'mkdir' , executed from differnet scripts.
But in logs now it can only be seen that /bin/mkdir is denied to do something. And which one? There are many,if nested subjects are used.
Usually, it`s quite easy to detect, which one, but after some time if you find something like '/bin/mkdir' denied in logs it`s very hard to determine, which part of policy you have to fix.
If you have big policy with nested subjects, you have a lot of same subjects, being in different chains; for example you have rules for 'mkdir' , executed from differnet scripts.
But in logs now it can only be seen that /bin/mkdir is denied to do something. And which one? There are many,if nested subjects are used.
Usually, it`s quite easy to detect, which one, but after some time if you find something like '/bin/mkdir' denied in logs it`s very hard to determine, which part of policy you have to fix.