[redhat-lspp] role based audit filtering

James Morris jmorris at redhat.com
Wed Dec 7 11:54:02 UTC 2005


On Tue, 6 Dec 2005, Dustin Kirkland wrote:

> - I would expect to be crucified if I attempted to do strcmp() or
> strstr() string comparisons/matches in the kernel at the oft-called
> filters, so I'm really hoping to keep this to integer comparisons.  For
> that, I think I might need an api into SELinux to get some sort of
> integer looking value to compare.  Am I approaching this correctly?

This all seems pretty ugly.

Internally, SELinux uses SIDs (integers) which can be translated to
security contexts (strings), from which you can extract the role.

Let's say you then keep a mapping of SIDs to roles (with roles translated
to your own integer representation); you'd get an expensive hit the first
time this had to be determined, but then it could be reasonably cheap.

We'd also need to handle policy change, probably generating an event (the
infrastructure for this exists already in SELinux) which flushes your
SID/role mappings.


- James 
--
James Morris
<jmorris at redhat.com>
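As an added illustration (not code from this thread or from SELinux), here is a minimal C sketch of the scheme James describes: roles interned to small integers, a SID-to-role cache that does string work only on the first miss, an integer-only compare in the filter, and a flush hook for policy change. The `sample_contexts` table and SID numbers are constructed stand-ins for the SID-to-context translation; the function names are hypothetical.

```c
#include <string.h>
enum { MAX_ROLES = 16, MAX_SIDS = 64, ROLE_UNKNOWN = -1 };
/* Constructed stand-in for the SID -> security-context translation
 * (in the kernel that lookup belongs to the SELinux security server). */
static const char *const sample_contexts[MAX_SIDS] = {
    [1] = "system_u:system_r:auditd_t:s0",
    [2] = "user_u:user_r:user_t:s0",
    [3] = "root:sysadm_r:sysadm_t:s0-s15:c0.c1023",
    [4] = "not-a-context",                  /* malformed on purpose */
};
static int translations;                    /* how often the slow path ran */
static char role_names[MAX_ROLES][32];      /* role ids are 1-based indices */
static int nroles;
static int sid_role[MAX_SIDS];              /* 0 = not cached yet */

/* Map a role name to a small integer, assigning one on first sight. */
static int intern_role(const char *name, size_t len) {
    for (int i = 0; i < nroles; i++)
        if (strlen(role_names[i]) == len && !memcmp(role_names[i], name, len))
            return i + 1;
    if (nroles == MAX_ROLES || len >= sizeof role_names[0]) return ROLE_UNKNOWN;
    memcpy(role_names[nroles], name, len);  /* static storage: already NUL-padded */
    return ++nroles;
}

/* The role is the second ':'-separated field of "user:role:type[:range]". */
static int role_from_context(const char *ctx) {
    const char *s = strchr(ctx, ':');
    if (!s) return ROLE_UNKNOWN;
    const char *e = strchr(++s, ':');
    return (e && e > s) ? intern_role(s, (size_t)(e - s)) : ROLE_UNKNOWN;
}

/* String work happens only on a cache miss; afterwards it is one array read. */
int sid_to_role(unsigned sid) {
    if (sid >= MAX_SIDS) return ROLE_UNKNOWN;
    if (sid_role[sid] == 0) {
        const char *ctx = sample_contexts[sid];
        translations++;
        sid_role[sid] = ctx ? role_from_context(ctx) : ROLE_UNKNOWN;
    }
    return sid_role[sid];
}

/* Policy (re)load handler: every cached SID/role pair is now suspect. */
void policy_changed(void) { memset(sid_role, 0, sizeof sid_role); }
/* The audit filter rule itself is an integer compare, nothing more. */
int audit_filter_match(unsigned sid, int rule_role) { return sid_to_role(sid) == rule_role; }
const char *role_name(int id) { return id > 0 && id <= nroles ? role_names[id - 1] : NULL; }
int translation_count(void) { return translations; }
```

The interned role table survives a flush on purpose: a role id is bound to a name, so only the SID side of the mapping is invalidated when policy changes.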