[PATCH 00/07][RFC] RACF audit plugin

Klaus Heinrich Kiwi klausk at br.ibm.com
Fri Sep 28 21:09:20 UTC 2007


On Fri, 28 Sep 2007 10:28:07 -0300, Klaus Heinrich Kiwi wrote:

> TODO list:
> ==========
> - SELinux policy (currently, the plugin runs under the audit daemon
> domain, which denies some network operations, for example)

Steve,

  you mentioned in an IRC chat that dwalsh has made a nice GUI tool for 
building new policy - can you point it out?

Dan mentioned we would need a policy module that gets loaded by a post-
install script upon the plugin installation. The policy module would 
define 'racf_t' and 'racf_exec_t' types, and the 'racf_exec_t'-labeled 
plugin would then transition to its own 'racf_t' domain upon execution. 
Transition would be allowed by the 'racf_domtrans(auditd_t)' interface.

As for 'racf_t' permissions, I need LDAP and DNS access. Reading the AVC 
messages I saw I may need:
tcp_socket {read write shutdown name_connect connect setop create}
udp_socket {read write getattr connect create}
netlink_route_socket { nlmsg_read, read }

Does anyone know if this set of permissions is implemented by a more-generic 
policy interface? Dan?

Thanks!

 Klaus K

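A sketch of the policy module described above (the 'racf_t' / 'racf_exec_t' types, the auditd_t transition and the observed socket permissions), written as an added example for this thread and not code from the RACF plugin or the audit project. The plugin path in the .fc line and the refpolicy interface names used for the LDAP and DNS ports are assumptions; 'setopt' is the actual permission name behind the 'setop' seen in the AVC output.

```selinux
# racf.te  --  example module, assumed layout (refpolicy / policy_module style)
policy_module(racf, 1.0.0)

########################################
# Declarations
type racf_t;
type racf_exec_t;
domain_type(racf_t)
domain_entry_file(racf_t, racf_exec_t)
role system_r types racf_t;

# auditd_t is defined by the base audit policy; pull it in so the
# transition rule can reference it directly from this module.
gen_require(`
	type auditd_t;
')

########################################
# Local policy
# auditd executing a racf_exec_t-labeled plugin lands in racf_t instead of
# inheriting the (network-restricted) auditd_t domain.
domtrans_pattern(auditd_t, racf_exec_t, racf_t)

# Socket permissions taken from the AVC denials quoted in the mail.
allow racf_t self:tcp_socket { create connect name_connect read write shutdown setopt getattr };
allow racf_t self:udp_socket { create connect read write getattr };
allow racf_t self:netlink_route_socket { create bind getattr nlmsg_read read write };

# Narrow the network access to what the plugin needs: LDAP over TCP and
# DNS name resolution (assumed interface names from refpolicy corenetwork/sysnetwork).
corenet_tcp_connect_ldap_port(racf_t)
sysnet_dns_name_resolve(racf_t)
sysnet_read_config(racf_t)

# racf.if  --  interface so that other modules can grant the transition
# interface(`racf_domtrans',`
#	gen_require(`
#		type racf_t, racf_exec_t;
#	')
#	domtrans_pattern($1, racf_exec_t, racf_t)
# ')

# racf.fc  --  assumed install path for the plugin binary
# /usr/sbin/audisp-racf	--	gen_context(system_u:object_r:racf_exec_t,s0)
```

Build and load from the plugin's post-install script with `make -f /usr/share/selinux/devel/Makefile racf.pp && semodule -i racf.pp`, then `restorecon` the plugin binary so it actually carries racf_exec_t; until the file is relabeled the transition never fires and the plugin keeps running as auditd_t.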