On 09.09.2022 11:50, Daniel P. Smith wrote: > --- a/xen/xsm/flask/avc.c > +++ b/xen/xsm/flask/avc.c > @@ -566,14 +566,14 @@ void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 > requested, > if ( a && (a->sdom || a->tdom) ) > { > if ( a->sdom && a->tdom && a->sdom != a->tdom ) > - avc_printk(&buf, "domid=%d target=%d ", a->sdom->domain_id, > a->tdom->domain_id); > + avc_printk(&buf, "source=%pd target=%dp ", a->sdom, a->tdom); > else if ( a->sdom ) > - avc_printk(&buf, "domid=%d ", a->sdom->domain_id); > + avc_printk(&buf, "source=%pd ", a->sdom); > else > - avc_printk(&buf, "target=%d ", a->tdom->domain_id); > + avc_printk(&buf, "target=%pd ", a->tdom);
Apart from switching to %pd to also replace "domid" by "source". That's fine in the first case (where both domain IDs are logged), but in the second case it's a little questionable. Wouldn't it be better to be able to distinguish the tdom == NULL case from the tdom == sdom one, perhaps by using "source" in the former case but "domid" in the latter one? Jan