[redhat-lspp] Re: RHEL5 Kernel with labeled networking

Joshua Brindle method at gentoo.org
Fri Oct 6 10:49:36 UTC 2006


Klaus Weidner wrote:
> On Tue, Oct 03, 2006 at 04:38:48PM -0700, Casey Schaufler wrote:
>   
>> --- Linda Knippers <linda.knippers at hp.com> wrote:
>>     
>>> It has a requirement to be able to audit all modifications of the
>>> values of security attributes, so we can audit a bunch of syscalls
>>> that do that (chmod, chown, setxattr, ...).  Relabeling files would
>>> definitely count and be covered.  There's also a requirement about
>>> auditing changes to the way data is imported/exported, so this is
>>> where the networking stuff comes in.  I don't know about domain
>>> transitions.
>>>       
>> I think you would have trouble arguing that a domain transition is not
>> a change in the security state of the system. For the evaluations I
>> worked auditing was required for any change to uids, gids,
>> capabilities, sensitivity, integrity, or any other security relevant
>> attribute.
>>     
>
> Yes, it is a change in the process security state.
>
> Domain transitions are auditable already - dynamic transitions through
> the auditallow rules on /proc/$PID/attr/*, and automatic transitions by
> putting filesystem watches on the *_exec_t binaries you're interested in.
>
>   
Um, you can just auditallow domain domain : process transition for all 
transitions, but the point was that they didn't want a mixture of policy 
auditing and audit framework auditing.
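As an added illustration of the two audit sources mentioned above (not code from the thread or from any of its participants): an auditallow rule on process:transition produces AVC "granted" records, while an auditctl watch on a *_exec_t binary produces SYSCALL records tagged with a key. The parser below normalizes both into one stream of domain-transition events; the log lines are constructed samples and the watch key "exec_watch" is an assumed name.

```python
import re

# Constructed sample audit records (not taken from the thread). Line 1 is what an
# auditallow domain domain : process transition rule emits; line 2 is what an
# audit-framework file watch (auditctl -w /usr/bin/passwd -p x -k exec_watch,
# key name assumed) emits; line 3 is an unrelated denial that must be ignored.
SAMPLE_LOG = """\
type=AVC msg=audit(1160000000.101:201): avc: granted { transition } for pid=1234 comm="bash" scontext=user_u:user_r:user_t:s0 tcontext=user_u:user_r:passwd_t:s0 tclass=process
type=SYSCALL msg=audit(1160000000.102:202): arch=c000003e syscall=59 success=yes exit=0 pid=1234 comm="passwd" exe="/usr/bin/passwd" subj=user_u:user_r:passwd_t:s0 key="exec_watch"
type=AVC msg=audit(1160000000.103:203): avc: denied { read } for pid=1235 comm="cat" name="shadow" scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

# AVC verdict, permission set and target class, e.g. "granted { transition } ... tclass=process"
AVC_RE = re.compile(r'avc:\s+(?P<verdict>granted|denied)\s+\{ (?P<perms>[^}]+)\}.*?tclass=(?P<tclass>\S+)')
# Generic key=value / key="quoted value" tokens used by audit records
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(line):
    """Split an audit record into a dict of its key=value fields (quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def transition_events(log_text, watch_key="exec_watch"):
    """Return one normalized event per domain transition, whether it was
    recorded by policy auditing (AVC granted) or by the audit framework
    (successful SYSCALL record carrying the watch key)."""
    events = []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("type") == "AVC":
            m = AVC_RE.search(line)
            if (m and m.group("verdict") == "granted"
                    and m.group("tclass") == "process"
                    and "transition" in m.group("perms").split()):
                events.append({"source": "policy", "pid": f["pid"],
                               "from": f["scontext"], "to": f["tcontext"]})
        elif (f.get("type") == "SYSCALL" and f.get("key") == watch_key
              and f.get("success") == "yes"):
            # subj= is the subject context the audit framework recorded for the exec
            events.append({"source": "watch", "pid": f["pid"],
                           "exe": f["exe"], "to": f["subj"]})
    return events


if __name__ == "__main__":
    for ev in transition_events(SAMPLE_LOG):
        print(ev)
```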
