Audit SELinux label assignment.
A more natural auditing point would perhaps be SELinuxSetSecurityProcessLabel, but this happens in the child after root permissions are dropped, so the kernel would refuse the audit record.
Showing
想要评论请 注册 或 登录