[redhat-lspp] userdomain policy question ..
Janak Desai
janak at us.ibm.com
Tue Aug 8 17:31:36 UTC 2006
On Tue, 2006-08-08 at 12:21 -0500, Klaus Weidner wrote:
> On Tue, Aug 08, 2006 at 12:52:37PM -0400, Stephen Smalley wrote:
> > Not sure if it would satisfy the need, but you could put auditallow
> > statements in the policy to trigger SELinux audit messages (and thus
> > also syscall audit messages at syscall exit) for these kinds of
> > operations, e.g.
> > # Audit setting of fscreate attribute.
> > auditallow domain self:process setfscreate;
> > or
> > # Audit writing to all /proc/pid files.
> > auditallow domain self:file write;
>
> This sounds like a good solution, I didn't know that this works. Can
> someone verify that the audit record contains the LSPP required data such
> as the subject label?
>
Thanks Klaus. Thiago and I will verify this.
-Janak
> (My RHEL system currently doesn't boot since VMWare appears not to like
> the lspp.46 kernel, I haven't had time yet to look into it.)
>
> -Klaus
>
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
More information about the redhat-lspp
mailing list