[redhat-lspp] RBAC Roles

Stephen Smalley sds at tycho.nsa.gov
Wed Sep 21 19:17:40 UTC 2005


On Wed, 2005-09-21 at 14:35 -0400, Steve Grubb wrote:
> Yeah, that seemed to be potentially fragile to me. So, if someone needs to 
> audit something like: "-a exit,always -S open -F role=secadm -F otype=etc_t"   
> what would we need to do? If a policy reload occurs, would we need to have a 
> callback to re-adjust the values? Or do we need to lookup secadm and etc_t 
> each time?

Likely the former.  We already have to do that for the SID table
(remapping the values in the internal context structures) upon policy
reload.

> We also need to have a way to suppress these audits. FAU_SEL.1 says we have to 
> have the ability to exclude events based on sensitivity labels. One idea I 
> had was that we could put a filter in audit_log_end, however, the message is 
> in text by that time and we may need to do a numeric lookup. How should we 
> handle this requirement?

Hmm...we could add an equivalent to the TE dontaudit rules to the MLS
policy, based on levels rather than types.  That would keep it in
policy.

If you want to do it via the audit subsystem, then if we have the
ability to specify auditctl rules based on levels, then I would think
you could just specify it using a never rule for the desired level.  But
you would need to change avc_audit to only queue up audit records on the
audit context rather than immediately emitting audit messages itself,
and defer the generation for them all until audit_syscall_exit so that
the syscall filter could suppress it.
 
-- 
Stephen Smalley
National Security Agency
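Added example (not code from the kernel or from either poster): a constructed C model of the two mechanisms discussed above, an audit rule whose cached numeric role value is re-resolved by a policy-reload callback, and AVC records queued on the audit context until syscall exit so that a never rule can suppress them. Role names, their load order and the rule set are all assumed for illustration.

```c
#include <string.h>

/* Constructed toy model, not kernel code: role numbers are assigned in policy
 * load order, so a reload that reorders roles changes what "secadm" maps to. */
enum { MAX_SYMS = 8, MAX_RULES = 4, MAX_PENDING = 8 };
static const char *role_names[MAX_SYMS]; static int nroles;

static void load_policy(const char **names, int n) {
    nroles = n;
    for (int i = 0; i < n; i++) role_names[i] = names[i];
}

/* Numeric value of a role under the currently loaded policy, -1 if absent. */
static int role_lookup(const char *name) {
    for (int i = 0; i < nroles; i++)
        if (strcmp(role_names[i], name) == 0) return i;
    return -1;
}

/* auditctl-style "-F role=<name>" rule; always=0 is a never rule. Name kept for re-resolution. */
struct rule { const char *role_name; int role_val; int always; };
static struct rule rules[MAX_RULES]; static int nrules;
static void add_rule(const char *role_name, int always) {
    rules[nrules++] = (struct rule){ role_name, role_lookup(role_name), always };
}

/* Reload hook: re-resolve every rule, as the SID table is remapped today. */
static void policy_reload_callback(void) {
    for (int i = 0; i < nrules; i++)
        rules[i].role_val = role_lookup(rules[i].role_name);
}

/* AVC records are queued on the audit context rather than emitted at once. */
static int pending[MAX_PENDING]; static int npending;
static void avc_audit_queue(int role_val) {
    if (npending < MAX_PENDING) pending[npending++] = role_val;
}

/* At syscall exit a matching never rule drops queued records; returns how many were emitted. */
static int audit_syscall_exit(void) {
    int emitted = 0;
    for (int p = 0, r; p < npending; p++) {
        for (r = 0; r < nrules; r++)
            if (!rules[r].always && rules[r].role_val == pending[p]) break;
        if (r == nrules) emitted++;   /* no never rule matched this record */
    }
    npending = 0;
    return emitted;
}
```

Without the callback, the rule keeps matching whatever role now happens to hold the old number, so the wrong events are suppressed after a reload.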