New development

Linda Knippers linda.knippers at hp.com
Mon Sep 12 17:12:41 UTC 2005


>>What about auditing based on domain/type if SELinux is enabled?
> 
> I feel like this is LSPP work. In just a CAPP environment there needs to be a 
> mechanism for this.

I don't think it's strictly related to LSPP since LSPP doesn't need
type enforcement, although it will be there.  To me it's more SELinux
integration, which is also necessary for LSPP but this part could be
done separately.  If a CAPP customer also wanted to audit the
apache-related processes, they're probably also running with SELinux
enabled so that's what I was thinking of.  I agree though that being
able to audit any random process and its children can be useful, and
maybe the domain transitions make this too hard.

>>Are you thinking that there would be an LSPP message type?
> 
> Possibly.
>
>> Would that just be for messages that are unique for LSPP?  Do you have an
>> example? 
> 
> Yes, the cups printer messages is one place.

But would that really be an LSPP message type?  What if MCS users want
to audit the cups activity?   Maybe I'm taking the LSPP type too
literally?  We don't have a CAPP message type today so that's why I'm
confused about the purpose of an LSPP type.

-- ljk



