SELinux Context Label based audit filtering

Dustin Kirkland dustin.kirkland at us.ibm.com
Fri Feb 3 22:34:02 UTC 2006


On Fri, 2006-02-03 at 16:14 -0500, Stephen Smalley wrote:
> Carrying the SIDs gives you the option of passing them to SELinux so
> that it can immediately look up the context structure and perform
> comparisons, extract values, etc w/o needing to re-parse the context
> string.  But you may still need to carry the context strings to avoid
> allocation failures at the end when it is too late to abort the
> operation.

Gotcha.  I'll continue carrying the context strings to avoid eventual
allocation failures for the time being.

> Given that we need to precompute a MLS context struct when the audit
> filter rule is inserted anyway (so that we can later do efficient
> comparisons of MLS levels), we might want to do this for all of the
> fields, eliminating string comparisons entirely at audit filter
> evaluation time.  See my description of the step-by-step approach for
> the MLS case in my earlier response to Steve.

Ok, I'm going to work through your 9-step program early next week.

> Possibly, but that doesn't create a larger pool of people who can
> contribute in the future to the project...

Understood.  Investment in the future ;)


:-Dustin
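
An added illustration, not code from this thread or from the kernel's audit or SELinux sources, of the approach in the quoted text above: parse the rule's MLS level once when the filter rule is inserted, so that evaluation compares precomputed fields with no string handling and no allocation. The struct, the function names and the 64-category limit are assumptions made for this user-space example, and it handles a single level such as `s2:c1,c5`, not a low-high range.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical precomputed form of one MLS level, e.g. "s2:c1,c5". */
struct mls_level {
    unsigned sens;   /* sensitivity number from "sN" */
    uint64_t cats;   /* bitmap of categories c0..c63 (assumed limit) */
};

/* Parse once, at rule-insert time. Returns 0 on success, -1 on bad input,
 * so a malformed rule is rejected while the operation can still abort. */
int mls_parse(const char *s, struct mls_level *out)
{
    char *end;
    if (!s || s[0] != 's' || s[1] < '0' || s[1] > '9')
        return -1;
    out->sens = (unsigned)strtoul(s + 1, &end, 10);
    out->cats = 0;
    if (*end == '\0')                 /* sensitivity only, no categories */
        return 0;
    if (*end != ':')
        return -1;
    do {
        unsigned long lo, hi;
        s = end + 1;
        if (s[0] != 'c' || s[1] < '0' || s[1] > '9')
            return -1;
        lo = hi = strtoul(s + 1, &end, 10);
        if (*end == '.') {            /* category range: cLO.cHI */
            s = end + 1;
            if (s[0] != 'c' || s[1] < '0' || s[1] > '9')
                return -1;
            hi = strtoul(s + 1, &end, 10);
        }
        if (lo > hi || hi > 63)
            return -1;
        for (; lo <= hi; lo++)
            out->cats |= UINT64_C(1) << lo;
    } while (*end == ',');
    return *end == '\0' ? 0 : -1;
}

/* Evaluate at filter time: integer and bitmap comparison only.
 * a dominates b when a's sensitivity >= b's and a's categories include b's. */
int mls_dominates(const struct mls_level *a, const struct mls_level *b)
{
    return a->sens >= b->sens && (a->cats & b->cats) == b->cats;
}
```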