[redhat-lspp] Re: LSPP/RBACPP requirements v.006

George C. Wilson ltcgcw at us.ibm.com
Thu Jan 26 19:55:49 UTC 2006


On Thu, Jan 26, 2006 at 01:26:41PM -0500, Steve Grubb wrote:
> On Thursday 26 January 2006 12:53, Linda Knippers wrote:
> >> Item 07) Mentions init in the description, no mention of init in 
> >> implementation section...so I don't know what this is.
> >
> >It also mentions the CUPS client may be a candidate, but item 4 talks
> >about CUPS.  Is the point of item 7 to audit role transitions and
> >we thought init and CUPS might do that?  Or is this item to look through
> >all SELinux-related trusted programs to make sure they meet the audit
> >requirements as specified in the protection profiles?
> 
> I think it's to look through the programs and add audit instrumentation. I can 
> understand CUPS client, but I don't know what was supposed to be instrumented 
> in init.
>

- Yes, item 7 is a catchall to ensure we hook every userspace program that
  requires instrumentation.  When Steve and I discussed this last, newrole and
  init were the only candidates.  The init issue was to emit an audit record on
  failure to load the policy, I believe.  This may already be covered at a lower
  layer--I'm going to try it now.

- Item 4 covers audit of CUPS explicitly, a la audit of print.  I'll remove the
  CUPS client from item 7.  I believe it was there because we are
  only auditing from the server and we thought that might not be sufficient.

- Item 5 is once again a catchall to make sure we cover items that don't have
  their own specific task.  There may be no additional items.

- The forthcoming post will reflect 30's status after Monday's meeting.  v006
  contains pre-meeting information as I needed to get something out.

- I'll split item 32 into two tasks.

- I'll incorporate the other updates.

Thanks for all the comments.  I will make the changes this afternoon and repost
to the list and Russell's wiki.
 
-- 
George Wilson <ltcgcw at us.ibm.com>
IBM Linux Technology Center



