
Re: [PATCH 1/2] SELinux Context Label based audit filtering



On Thu, 2006-02-02 at 17:18 -0500, Steve Grubb wrote:
> I think we are covered. I mentioned to Dustin that those fields need to be 
> handled as integers for comparison. We should be able to specify a range for 
> matching like:
> 
> -F "se_sensitivity>=2" -F "se_sensitivity<=9"

This requires that SELinux perform the filter interpretation, as the
context structures and dominance relation are purely internal to it, and
the audit system should not be directly tied to them.

> Is there a convention for context parsing? If not, we should probably decide 
> what it will be or at least how to identify the end of what we know so that 
> if they get out of sync in the future, it would do the wrong thing.

The "convention" is that only the SELinux module and the core SELinux
libraries parse them.  Everything else has to use an API provided by the
SELinux module (for in-kernel users) or the core SELinux libraries (for
userland).

-- 
Stephen Smalley
National Security Agency

