[redhat-lspp] userdomain policy question ..

Klaus Weidner klaus at atsec.com
Tue Aug 8 17:21:30 UTC 2006


On Tue, Aug 08, 2006 at 12:52:37PM -0400, Stephen Smalley wrote:
> Not sure if it would satisfy the need, but you could put auditallow
> statements in the policy to trigger SELinux audit messages (and thus
> also syscall audit messages at syscall exit) for these kinds of
> operations, e.g.
> 	# Audit setting of fscreate attribute.
> 	auditallow domain self:process setfscreate;
> or
> 	# Audit writing to all /proc/pid files.
> 	auditallow domain self:file write;

This sounds like a good solution; I didn't know that this works. Can
someone verify that the audit record contains the LSPP-required data such
as the subject label?

(My RHEL system currently doesn't boot since VMware appears not to like
the lspp.46 kernel; I haven't had time yet to look into it.)

-Klaus
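
Added example, not part of the original message or of any project's code: one way to script the check asked about above, grouping audit records by event ID and reporting whether the `granted` AVC record from an `auditallow` rule and its SYSCALL record carry a subject label. The log lines are constructed samples and the function names are hypothetical; the field names (`scontext`, `tcontext`, `tclass`, `subj`) are assumed to follow the usual audit record layout.

```python
import re
from collections import defaultdict

# Constructed sample records (not captured from a real system). Event 42 pairs
# a "granted" AVC record with its SYSCALL record; event 43 is deliberately
# incomplete so the check has something to report.
SAMPLE_LOG = """\
type=AVC msg=audit(1155057690.101:42): avc:  granted  { setfscreate } for  pid=2101 comm="demo" scontext=user_u:user_r:user_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=process
type=SYSCALL msg=audit(1155057690.101:42): arch=40000003 syscall=4 success=yes exit=30 pid=2101 auid=500 uid=500 comm="demo" exe="/usr/bin/demo" subj=user_u:user_r:user_t:s0
type=AVC msg=audit(1155057695.220:43): avc:  granted  { write } for  pid=2102 comm="demo2" tclass=file
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def group_events(log_text):
    """Map event id (timestamp:serial) -> {record type: {field: value}}."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if m:
            fields = dict(FIELD.findall(line))
            # Simplification: a later record of the same type replaces an earlier one.
            events[m.group(1)][fields.get("type")] = fields
    return events

def missing_fields(event):
    """List what one audit event lacks for subject/object labelling."""
    missing = []
    avc, sysc = event.get("AVC"), event.get("SYSCALL")
    if avc is None:
        missing.append("AVC record")
    else:
        missing += ["AVC " + k for k in ("scontext", "tcontext", "tclass") if k not in avc]
    if sysc is None:
        missing.append("SYSCALL record")
    elif "subj" not in sysc:
        missing.append("SYSCALL subj")
    elif avc and avc.get("scontext") not in (None, sysc["subj"]):
        missing.append("subject label mismatch")
    return missing

def check_log(log_text):
    return {eid: missing_fields(ev) for eid, ev in group_events(log_text).items()}

if __name__ == "__main__":
    for eid, missing in check_log(SAMPLE_LOG).items():
        print(eid, "OK" if not missing else "missing: " + ", ".join(missing))
```
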



