[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH 1/2] SELinux Context Label based audit filtering



On Friday 03 February 2006 09:17, Stephen Smalley wrote:
> > -F "se_sensitivity>=2" -F "se_sensitivity<=9"
>
> This requires that SELinux perform the filter interpretation, as the
> context structures and dominance relation are purely internal to it, and
> the audit system should not be directly tied to them.

The plan was to call SE linux libraries to interpret custom text (public) to 
sensitivity and send the raw sensitivity (s0). As for dominance 
calculations...we aren't granting access. If someone say they want s2 and 
above, we should be able to see that s3 is greater than s2 and generate an 
audit record. If you have an api for comparing s3 and s2, let us know and 
we'll use it.

> The "convention" is that only the SELinux module and the core SELinux
> libraries parse them.  Everything else has to use an API provided by the
> SELinux module (for in-kernel users) or the core SELinux libraries (for
> userland).

I suppose you are right. I should have mentioned that we have no interest in 
parsing the full context. User space was going to take the context parsed by 
humans as separate fields. This way it is extensible. If a new extension is 
added in the future, we add a new field.

In kernel, Dustin was going to use your api to take sid to individual 
components. For string we only need = and !=. For levels and sensitivity, we 
were going to need to do a comparison since people could desire auditing 
secret and above, but let everything else go.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]