[redhat-lspp] Re: RHEL5 Kernel with labeled networking
Casey Schaufler
casey at schaufler-ca.com
Tue Oct 3 23:38:48 UTC 2006
--- Linda Knippers <linda.knippers at hp.com> wrote:
> It has a requirement to be able to audit all modifications of the
> values of security attributes, so we can audit a bunch of syscalls
> that do that (chmod, chown, setxattr, ...). Relabeling files
> would definitely count and be covered. There's also a requirement about
> auditing changes to the way data is imported/exported, so this is where
> the networking stuff comes in. I don't know about domain transitions.
I think you would have trouble arguing that
a domain transition is not a change in the
security state of the system. For the evaluations
I worked, auditing was required for any change
to uids, gids, capabilities, sensitivity,
integrity, or any other security relevant
attribute.
Casey Schaufler
casey at schaufler-ca.com