[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Should this be a dontaudit or an allow in targeted.

To: Stephen Smalley <sds@xxxxxxxxxxxxx>
Subject: Re: Should this be a dontaudit or an allow in targeted.
From: Russell Coker <russell@xxxxxxxxxxxx>
Date: Sat, 12 Nov 2005 20:49:29 +1100
Cc: Daniel J Walsh <dwalsh@xxxxxxxxxx>, Chad Hanson <chanson@xxxxxxxxxxxxx>, Darrel Goeddel <dgoeddel@xxxxxxxxxxxxx>, SE Linux <selinux@xxxxxxxxxxxxx>
In-reply-to: <1130774532.22731.118.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <43663282.8030707@xxxxxxxxxx> <1130774532.22731.118.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: russell@xxxxxxxxxxxx
Sender: owner-selinux@xxxxxxxxxxxxx
User-agent: KMail/1.8.92

On Tuesday 01 November 2005 03:02, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On a related note, it has been suggested (on lspp) that we might need
> dontaudit/auditallow rules based on MLS level.  Is that true, or can we
> just leverage the existing TE-based rules to control such auditing based
> on type (which typically gives us finer granularity anyway)?

It seems sensible to have audit controlled on the same basis as access.  So 
for any criteria on which access can be allowed/denied it should be possible 
to base audit decisions on the same criteria.

auditconstrain/mlsauditconstrain?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- Should this be a dontaudit or an allow in targeted.
  - From: Daniel J Walsh
- Re: Should this be a dontaudit or an allow in targeted.
  - From: Stephen Smalley

Prev by Date: Re: changes in ~2.6.13 break postfix policy?
Next by Date: Re: Small patch for runuser: disallow suid operation
Previous by thread: Re: Should this be a dontaudit or an allow in targeted.
Next by thread: [ SEMANAGE ] [ SEPOL ] Pass handle to user/boolean/interface, and port APIs
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.