[redhat-lspp] RBAC Roles
Daniel J Walsh
dwalsh at redhat.com
Thu Sep 22 14:25:41 UTC 2005
Stephen Smalley wrote:
>On Wed, 2005-09-21 at 15:41 -0400, Stephen Smalley wrote:
>
>
>>Another issue here is that the audit filters are applied at the end of
>>the operation, so any filtering based on _object_ level (versus process
>>level) may be complicated. You don't have the object anymore, and you
>>have the aggregation of data for all objects accessed during the
>>syscall. With the patch from Dustin/Dan, you will have the object
>>security context strings saved in the audit context, but you still have
>>to pick the "right" one, split out its parts, and compare strings or map
>>to a value.
>>
>>
>
>Hmm...this is clearly not satisfying.
>
>Options:
>- Extend SELinux policy and kernel security server to support
>level-based auditallow and dontaudit rules, and provide a utility to
>configure them separately from any other kind of policy change. Provide
>a front-end interface that internally uses both auditctl and this new
>utility as needed to appropriately get and set the overall audit policy.
>- Modify LSM and/or SELinux to invoke the audit subsystem from the
>hooks, allowing the audit subsystem to check object-based filters from
>the hooks to select audit generation, and extend auditctl to allow
>configuration of these object-based filters in addition to the syscall
>audit filters.
>
>Seems like the former is actually easier to implement...
>
I like the idea of telling SELinux to remove all dontaudit rules...
Without having to rebuild/reload policy.
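The object-level filtering step Stephen describes above (pick an object context out of the aggregated audit record, split it into its parts, and compare its level) as an added example; this is not code from the thread, the audit subsystem, or SELinux. It assumes the saved object contexts appear as repeated `obj=` fields in a record, and the record itself is constructed sample data.

```python
import re

# Constructed audit record (sample data, not from a real system): one syscall
# whose audit context accumulated the subject context and two object contexts.
SAMPLE_RECORD = (
    "type=SYSCALL msg=audit(1127398741.123:45): syscall=5 success=yes "
    "subj=staff_u:staff_r:staff_t:s0-s2:c0.c3 "
    "obj=system_u:object_r:etc_t:s0 "
    "obj=system_u:object_r:secret_file_t:s2:c1,c2"
)

def parse_level(level):
    """Parse an MLS level such as 's2:c1,c2' or 's0:c0.c3' into
    (sensitivity, frozenset of categories). For a range 'low-high' only the
    low level is used, which is all a single object carries anyway."""
    low = level.split("-")[0]
    sens, _, cats = low.partition(":")
    categories = set()
    for item in filter(None, cats.split(",")):
        lo, _, hi = item.partition(".")          # 'c0.c3' is a category range
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        categories.update(range(lo_n, hi_n + 1))
    return int(sens[1:]), frozenset(categories)

def parse_context(ctx):
    """Split 'user:role:type:level' into its parts; the level may itself
    contain colons, so only the first three separators are structural."""
    user, role, type_, level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_, "level": parse_level(level)}

def dominates(a, b):
    """MLS dominance: a >= b when its sensitivity is at least b's and it
    holds every category b holds."""
    return a[0] >= b[0] and b[1] <= a[1]

def object_contexts(record):
    """Pull every obj= context out of a record. A syscall that touched
    several objects yields several of them, with nothing saying which one
    the operation 'really' concerned (the aggregation problem in the thread)."""
    return [parse_context(m) for m in re.findall(r"\bobj=(\S+)", record)]

def should_audit(record, min_level):
    """Object-level filter: audit when any object in the record is at or
    above min_level (a level string such as 's1' or 's2:c1'). It deliberately
    over-approximates, because the aggregated record cannot tell objects apart."""
    threshold = parse_level(min_level)
    return any(dominates(o["level"], threshold) for o in object_contexts(record))
```

Because the decision is made over the whole record after the syscall, the filter fires for the `etc_t` access as well as the `secret_file_t` one; that is the imprecision a hook-level check would avoid.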