[redhat-lspp] Re: RHEL5 Kernel with labeled networking

Eric Paris eparis at parisplace.org
Wed Oct 4 17:51:41 UTC 2006


setipccreate is dead.  It will not be implemented without a user.
setsockcreate I believe is already there....

-Eric

On Wed, 2006-10-04 at 12:41 -0500, Klaus Weidner wrote:
> On Wed, Oct 04, 2006 at 11:20:32AM -0400, Linda Knippers wrote:
> > Thanks for the reminder about that thread.
> > https://www.redhat.com/archives/redhat-lspp/2006-August/msg00008.html
> > 
> > I didn't really see a conclusion though.  Dan was waiting to hear from
> > Steve.  Steve didn't like it for the reasons I mentioned above.  Were
> > the auditallows added to the MLS policy?  Did anyone create a module?
> 
> Yes, it's part of the "lspp_policy" module included in the kickstart
> config RPM I posted yesterday.
> 
> This reminds me - can we assume that the setsocketcreate and
> setipccreate attributes will remain unimplemented for RHEL5? If they get
> added at the last minute the people who write the tests would get very
> unhappy.
> 
> -Klaus
> 
> policy_module(lspp_policy,1.0)
> 
> gen_require(`
>         attribute domain;
> ')
> 
> # Audit setting of security relevant process attributes
> # These settings are OPTIONAL
> auditallow domain self:process setcurrent;
> auditallow domain self:process setexec;
> auditallow domain self:process setfscreate;
> #auditallow domain self:process setsocketcreate; # FIXME
> #auditallow domain self:process setipccreate; # FIXME
> 