[redhat-lspp] Re: [patch] Full relabel audit event

James Antill jantill at redhat.com
Fri May 26 17:47:27 UTC 2006


On Fri, 2006-05-26 at 13:05 -0400, Stephen Smalley wrote:
> On Thu, 2006-05-25 at 17:01 -0400, James Antill wrote:
> >  The attached patch implements the full relabel audit event (i.e. an
> > audit event occurs when a full relabel occurs, i.e. when /.autorelabel
> > exists at boot).
> >  Note that although the code is correct, this patch doesn't actually
> > work due to kernel bugs[1].
> > 
> >  It'll be in Fedora development as part of policycoreutils-1.30.10-3
> > onwards.
> > 
> > [1] see the thread on linux-audit if you want the details.
> 
> Hmmm...what is it that you actually want to do here?  If you only care
> about auditing autorelabel events, then I'd suggest generating the audit
> message from the autorelabel portion of rc.sysinit (via a helper, I
> suppose), not from setfiles itself.

 This is all that we care about, but the solution of creating a helper
to just be called before setfiles was considered suboptimal against just
putting the code inside setfiles (I know Steve is very much against
anything which acts like logger for the audit subsystem).

> Not sure which thread you are referring to; I don't see prior discussion
> of a relabel audit event in the linux-audit archives.

 The thread is for the kernel problem that makes the above patch not
actually work, see the thread "Re: audit 1.2.2 released".

-- 
James Antill <jantill at redhat.com>