[redhat-lspp] [RFC KERNEL] object audit filters based on SELinux context
Linda Knippers
linda.knippers at hp.com
Mon Jun 26 17:11:30 UTC 2006
Darrel Goeddel wrote:
> I recently noticed that we never got around to doing object filters
> based on context... This patch introduces object audit filters
> based on the fields of the SELinux context. I put in everything
> (user, role, type, levels) even though I don't think user and role
> will be of use. I'm also open to names on the filters because I
> couldn't really think of anything that sounded really good
> (especially for the object's mls - "ol1 means object level 1" and
> "ol2 means object level 2"...). So, I'll trim and rename if people
> want that. This is just the kernel part, the userspace patch to
> handle these fields is forthcoming. One more thing - this patch
> only checks the contexts of filesystem objects. We also collect
> sids for ipc objects in the aux structs, should I also loop through
> those and filter based on the sids contained in AUDIT_IPC records?
I would think so.
-- ljk