[PATCH] Inter-field comparisons between uid/euid and gid/egid
Steve Grubb
sgrubb at redhat.com
Mon Dec 12 17:48:21 UTC 2011
On Monday, December 12, 2011 11:35:25 AM Peter Moody wrote:
> On Mon, Dec 12, 2011 at 6:27 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> > On Sunday, December 11, 2011 02:04:24 PM Peter Moody wrote:
> > > Not sure if this is the right way to go about this, but I've got a
> > > couple of patches I'd like to be considered for inclusion.
> >
> > I think we really want all permutations covered so we don't revisit this
> > every month or two.
>
> Ok. Do you want me to include subj_user/obj_user, subj_role/obj_role,
> subj_type/obj_type as well
No, the MAC subsystems should be able to log that themselves.
> or just the uid/fsuid, gid/fsgid, uid/suid, gid/sgid?
Closer. All permutations of uid and gid being able to compare against either
object or process credentials. Like auid!=ouid or auid!=uid.
Thanks,
-Steve