[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] [RFC KERNEL] object audit filters based on SELinux context

From: Linda Knippers <linda knippers hp com>
To: Darrel Goeddel <dgoeddel trustedcs com>
Cc: redhat-lspp redhat com, Stephen Smalley <sds tycho nsa gov>, James Morris <jmorris redhat com>
Subject: Re: [redhat-lspp] [RFC KERNEL] object audit filters based on SELinux context
Date: Mon, 26 Jun 2006 13:11:30 -0400

Darrel Goeddel wrote:
> I recently noticed that we never got around to doing object filters
> based on context...  This patch introduces object audit filters
> based on the fields of the SELinux context.  I put in everything
> (user, role, type, levels) even though I don't think user and role
> will be of use.  I'm also open to names on the filters because I
> couldn't really think of anything that sounded really good
> (especially for the object's mls - "ol1 means object level 1" and
> "ol2 means object level2"...).  So, I'll trim and rename if people
> want that.  This is just the kernel part, the userspace patch to
> handle these fields is forthcoming.  One more thing - this patch
> only checks the contexts of filesystem objects.  We also collect
> sids for ipc objects in the aux structs, should I also loop through
> those and filter based on the sids contained in AUDIT_IPC records?

I would think so.

-- ljk

References:
- [redhat-lspp] [RFC KERNEL] object audit filters based on SELinux context
  - From: Darrel Goeddel

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]