[PATCH 1/2] SELinux Context Label based audit filtering
Dustin Kirkland
dustin.kirkland at us.ibm.com
Fri Feb 3 16:37:17 UTC 2006
On Fri, 2006-02-03 at 09:46 -0500, Stephen Smalley wrote:
> On Fri, 2006-02-03 at 09:27 -0500, Steve Grubb wrote:
> > On Friday 03 February 2006 09:17, Stephen Smalley wrote:
> > > > -F "se_sensitivity>=2" -F "se_sensitivity<=9"
> > >
> > > This requires that SELinux perform the filter interpretation, as the
> > > context structures and dominance relation are purely internal to it, and
> > > the audit system should not be directly tied to them.
> >
> > The plan was to call SELinux libraries to interpret custom text (public) to
> > sensitivity and send the raw sensitivity (s0).
>
> Right, libsetrans. But that still leaves you with a string that has no
> inherent meaning or ordering.

This is begging for placement in a configuration file that allows
custom-defined aliases:

    "s0" = "non_confidential"
    "s1" = "secret"
    "s2" = "mostly_secret"
    "s3" = "more_secret_than_that"
    "s4" = "top_secret"
    "s5" = "cheating_on_a_spouse_secret"

Let those be set in either an SELinux config file, or in an Audit config
file. Let audit userspace interpret these human readable aliases to
SELinux's representation.

:-Dustin
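
The alias idea above, sketched as an added example that is not part of the original thread or of the audit code: a userspace translator reads the alias file, rewrites an `se_sensitivity` filter to its raw `sN` form, and compares levels. The function names are hypothetical, and the sketch assumes levels order by the integer in `sN` and ignores categories.

```python
import operator
import re

# Alias table in the format sketched in the message (constructed sample input).
ALIAS_CONFIG = '''
"s0" = "non_confidential"
"s1" = "secret"
"s2" = "mostly_secret"
"s4" = "top_secret"
'''

_LINE = re.compile(r'^"(s\d+)"\s*=\s*"([A-Za-z0-9_]+)"$')
_FILTER = re.compile(r'^se_sensitivity(>=|<=|!=|=|>|<)(\S+)$')
_RAW = re.compile(r's\d+')
_OPS = {">=": operator.ge, "<=": operator.le, "!=": operator.ne,
        "=": operator.eq, ">": operator.gt, "<": operator.lt}

def parse_aliases(text):
    """Return {alias: raw_level}; reject malformed, duplicate or ambiguous entries."""
    aliases = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: malformed alias entry")
        raw, alias = m.groups()
        # An alias shaped like a raw level (e.g. "s3") would make filters ambiguous.
        if alias in aliases or _RAW.fullmatch(alias):
            raise ValueError(f"line {lineno}: duplicate or ambiguous alias {alias!r}")
        aliases[alias] = raw
    return aliases

def translate_filter(expr, aliases):
    """Rewrite an aliased filter to its raw form, e.g. se_sensitivity>=s1."""
    m = _FILTER.match(expr)
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    op, value = m.groups()
    raw = value if _RAW.fullmatch(value) else aliases.get(value)
    if raw is None:  # fail closed: never guess a level for an unknown name
        raise ValueError(f"unknown sensitivity alias: {value!r}")
    return f"se_sensitivity{op}{raw}"

def matches(raw_filter, event_level):
    """Compare levels by integer index, so s10 sorts above s9 (a string compare would not)."""
    op, raw = _FILTER.match(raw_filter).groups()
    return _OPS[op](int(event_level[1:]), int(raw[1:]))
```
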