[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: auditing syscalls made 'by' an inode?



On Friday, June 08, 2012 11:36:38 AM Peter Moody wrote:
> On Fri, Jun 8, 2012 at 7:49 AM, Daniel J Walsh <dwalsh redhat com> wrote:
> > On thing you could do would be to write a simple SELinux domain, like
> > auditproc_t and have unconfined_t transition to it using runcon.
> 
> True, but this requires running selinux, which despite all of the
> excellent work you guys have put into making that easy (easier), is
> still a non-starter for some people.

I agree. I'd like to see the capability developed out because it might allow new 
kinds of auditing. Like...you might want to audit syscalls with EPERM started by 
apache and not under the httpd_t selinux context. :-)

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]