[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Syscalls questions

From: Klaus Weidner <klaus atsec com>
To: David Howells <dhowells redhat com>
Cc: lspp-list <redhat-lspp redhat com>, Kris Wilson <krisw us ibm com>
Subject: Re: [redhat-lspp] Syscalls questions
Date: Wed, 28 Jun 2006 14:06:33 -0500

On Tue, Jun 27, 2006 at 06:48:26PM +0100, David Howells wrote:
> Kris Wilson <krisw us ibm com> wrote:
> > We are trying to finalize our list of syscalls to test and have the 
> > following questions:
> 
> Test in what way?

The testing would be for compliance with LSPP, in this case that the
syscalls properly implement mandatory access control and generate correct
audit records.

> > add_key
> > request_key
> > keyctl
> 
> Anybody may use them.

Is there any clean way to disable them at runtime for non-admins, maybe a
SELinux constraint? It would save a lot of work for the evaluation...

-Klaus

Follow-Ups:
- Re: [redhat-lspp] Syscalls questions
  - From: Stephen Smalley

References:
- [redhat-lspp] Syscalls questions
  - From: Kris Wilson
- Re: [redhat-lspp] Syscalls questions
  - From: David Howells

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]