
Re: How can I find out what all the SELinux transactions are?



On Fri, 2008-10-24 at 15:38 -0700, Timothy Renner wrote:
> Is there any debug stream available that can tell me what is being 
> processed by the SELinux system?  Specifically, I'd like to be able to 
> follow the trail from starting an executable, through its state 
> transitions, what files it reads, and what their file contexts are, and 
> what transitions happen as it calls external programs.

Options:
- Use system call auditing (see man pages for autrace, auditctl, auditd;
ask questions on linux-audit@redhat.com).
or
- Add auditallow rules to the domain for the program in order to trigger
auditing of permission grantings.

And of course, denials are already audited by SELinux by default.

-- 
Stephen Smalley
National Security Agency
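
Added example (not part of the original message): once an auditallow rule such as `auditallow myapp_t etc_t:file read;` is loaded, granted accesses appear in the audit log as AVC records next to the denials, and the script below turns those records into a readable trail of file accesses and domain transitions. The domains `myapp_t` and `helper_t`, the paths, and the log lines are constructed for illustration.

```python
import re

# Constructed sample records in the format SELinux writes to audit.log when an
# auditallow rule fires (granted) or an access is denied. myapp_t and helper_t
# are hypothetical domains, not taken from the original message.
SAMPLE_LOG = """\
type=AVC msg=audit(1224887880.101:501): avc:  granted  { read } for  pid=4242 comm="myapp" name="myapp.conf" dev=sda1 ino=1101 scontext=user_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1224887880.140:502): avc:  granted  { transition } for  pid=4243 comm="myapp" path="/usr/bin/helper" dev=sda1 ino=2202 scontext=user_u:system_r:myapp_t:s0 tcontext=user_u:system_r:helper_t:s0 tclass=process
type=AVC msg=audit(1224887880.190:503): avc:  denied  { write } for  pid=4243 comm="helper" name="shadow" dev=sda1 ino=3303 scontext=user_u:system_r:helper_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1224887880.190:503): arch=40000003 syscall=5 success=no exit=-13 pid=4243 comm="helper"
"""

AVC_RE = re.compile(
    r"msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+(?P<result>granted|denied)\s+"
    r"\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$")

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_avc(line):
    """Parse one AVC record into a dict, or return None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # key=value pairs; values may be double-quoted (comm, name, path)
    fields = dict((k, v.strip('"')) for k, v in
                  re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")))
    return {"serial": int(m.group("serial")), "result": m.group("result"),
            "perms": m.group("perms").split(), "comm": fields.get("comm"),
            "object": fields.get("path") or fields.get("name"),
            "source": sel_type(fields["scontext"]),
            "target": sel_type(fields["tcontext"]), "tclass": fields["tclass"]}

def trail(log_text):
    """Return one readable line per AVC record, in audit serial order."""
    events = sorted(filter(None, map(parse_avc, log_text.splitlines())),
                    key=lambda e: e["serial"])
    out = []
    for e in events:
        if e["tclass"] == "process" and "transition" in e["perms"]:
            out.append(f'{e["result"]}: {e["source"]} -> {e["target"]} via {e["object"]}')
        else:
            out.append(f'{e["result"]}: {e["source"]} {{{" ".join(e["perms"])}}} '
                       f'{e["object"]} ({e["target"]}:{e["tclass"]})')
    return out

if __name__ == "__main__":
    print("\n".join(trail(SAMPLE_LOG)))
```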

