[PATCH 1/2] SELinux Context Label based audit filtering
Steve Grubb
sgrubb at redhat.com
Fri Feb 3 14:47:01 UTC 2006
On Friday 03 February 2006 09:46, Stephen Smalley wrote:
> Ok, so this means that SELinux needs to provide an API for such
> comparisons, and likely for precomputing the internal context structure
> for a given MLS range provided in an audit rule so that we don't have to
> re-do that on each filter evaluation.
What if the filter rule was:
auditctl -a exit,always -S open -F "se_sensitivity>=confidential"
And that is all you have to work with? Are we still OK?
-Steve