[redhat-lspp] RBAC Roles
Ivan Gyurdiev
ivg2 at cornell.edu
Thu Sep 22 20:49:50 UTC 2005
Stephen Smalley wrote:
>On Thu, 2005-09-22 at 10:25 -0400, Daniel J Walsh wrote:
>
>>I like the idea of telling SELinux to remove all dontaudit rules...
>>Without having to rebuild/reload policy.
>
>You'd still need to regenerate and reload policy, but you wouldn't need
>any policy sources or checkpolicy. Instead, you'd just have a utility
>that uses a new libsemanage/libsepol interface to remove avrules from
>the existing binary policy, writes out the new binary policy, and loads
>it into the kernel.
>
I can write a patch that does this if you need it.
int sepol_audit_everything(int on);
int semanage_audit_everything(int on);
Seems like just an application of avtab_map that looks
at the rule type...
OTOH a kernel hook to control this seems better to me also.
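
Added example, not part of the original message and not libsepol code: a simplified model of the table walk suggested above, where a callback inspects each rule's type and rewrites only the auditdeny entries. The struct layout, constants and function names are hypothetical; it assumes an auditdeny entry stores the permissions still audited on denial, so a dontaudit rule appears as cleared bits, and it covers only the "on" direction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for an access vector table; not libsepol's types. */
enum { RULE_ALLOWED = 1, RULE_AUDITALLOW = 2, RULE_AUDITDENY = 4 };
struct av_key   { uint16_t source, target, tclass, specified; };
struct av_datum { uint32_t data; };              /* permission bitmask */
struct av_entry { struct av_key key; struct av_datum datum; };
typedef int (*av_apply_fn)(struct av_key *k, struct av_datum *d, void *args);

/* Visit every entry; stop at the first non-zero callback result. */
static int table_map(struct av_entry *t, size_t n, av_apply_fn fn, void *args)
{
    for (size_t i = 0; i < n; i++) {
        int rc = fn(&t[i].key, &t[i].datum, args);
        if (rc)
            return rc;
    }
    return 0;
}

/* Assumed semantics: a cleared bit in an auditdeny entry means "do not
 * audit this denial". Setting every bit undoes the dontaudit rule. */
static int audit_everything_cb(struct av_key *k, struct av_datum *d, void *args)
{
    unsigned *changed = args;
    if ((k->specified & RULE_AUDITDENY) && d->data != UINT32_MAX) {
        d->data = UINT32_MAX;
        (*changed)++;
    }
    return 0;
}

/* Returns how many entries were rewritten; allow rules are left alone. */
static unsigned audit_everything(struct av_entry *t, size_t n)
{
    unsigned changed = 0;
    table_map(t, n, audit_everything_cb, &changed);
    return changed;
}

/* Constructed sample table: one allow rule, one dontaudit, one untouched. */
static struct av_entry sample[] = {
    { {1, 2, 6, RULE_ALLOWED},   {0x00000003u} },
    { {1, 3, 6, RULE_AUDITDENY}, {0xfffffffcu} },  /* two perms silenced */
    { {4, 2, 7, RULE_AUDITDENY}, {0xffffffffu} },  /* nothing silenced */
};

int main(void)
{
    printf("rewrote %u entries\n", audit_everything(sample, 3));
    return 0;
}
```

Turning the setting back off would need the original masks, which this sketch does not keep.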