[redhat-lspp] RBAC Roles
Stephen Smalley
sds at tycho.nsa.gov
Wed Sep 21 19:53:39 UTC 2005
On Wed, 2005-09-21 at 15:41 -0400, Stephen Smalley wrote:
> Another issue here is that the audit filters are applied at the end of
> the operation, so any filtering based on _object_ level (versus process
> level) may be complicated. You don't have the object anymore, and you
> have the aggregation of data for all objects accessed during the
> syscall. With the patch from Dustin/Dan, you will have the object
> security context strings saved in the audit context, but you still have
> to pick the "right" one, split out its parts, and compare strings or map
> to a value.
Hmm...this is clearly not satisfying.
Options:
- Extend SELinux policy and kernel security server to support
level-based auditallow and dontaudit rules, and provide a utility to
configure them separately from any other kind of policy change. Provide
a front-end interface that internally uses both auditctl and this new
utility as needed to appropriately get and set the overall audit policy.
- Modify LSM and/or SELinux to invoke the audit subsystem from the
hooks, allowing the audit subsystem to check object-based filters from
the hooks to select audit generation, and extend auditctl to allow
configuration of these object-based filters in addition to the syscall
audit filters.
Seems like the former is actually easier to implement...
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list