[redhat-lspp] Re: [patch] Full relabel audit event
Steve Grubb
sgrubb at redhat.com
Tue May 30 14:08:16 UTC 2006
On Friday 26 May 2006 14:03, Stephen Smalley wrote:
> I don't see the point when a) you only want it in that one case,
We do this already in several places. For example, we instrumented usermod,
but not chage. It was documented in the Security Target that usermod should
be used to alter user account attributes.
> b) it doesn't prevent trivial bypass in any way (e.g. by using restorecon,
> by rolling your own program to do it, by running setfiles on /* rather than
> just /, ...), and
Its not meant to be bulletproof. Its purpose is to document that a full
relabel has occurred before any user can log in. During the boot process, no
one can log in so nothing evil should happen.
> Note btw that setfiles already provides three different ways to log
> actual changes in file contexts, the original -v verbose mode, and the
> -l (log via syslog) and -o <file> (log to file) modes introduced later
> by Red Hat. That at least provides detailed information that the caller
> couldn't determine otherwise.
It was determined that we only need 1 record, not all the changes.
-Steve
More information about the Linux-audit
mailing list