[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH 1/2] SELinux Context Label based audit filtering



On Friday 03 February 2006 09:46, Stephen Smalley wrote:
> Ok, so this means that SELinux needs to provide an API for such
> comparisons, and likely for precomputing the internal context structure
> for a given MLS range provided in an audit rule so that we don't have to
> re-do that on each filter evaluation. 

What if the filter rule was:

auditctl -a exit,always -S open -F "se_sensitivity>=confidential"

And that is all you have to work with? Are we still OK?

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]