[redhat-lspp] Re: RHEL5 Kernel with labeled networking

Klaus Weidner klaus at atsec.com
Wed Oct 4 17:41:49 UTC 2006


On Wed, Oct 04, 2006 at 11:20:32AM -0400, Linda Knippers wrote:
> Thanks for the reminder about that thread.
> https://www.redhat.com/archives/redhat-lspp/2006-August/msg00008.html
> 
> I didn't really see a conclusion though.  Dan was waiting to hear from
> Steve.  Steve didn't like it for the reasons I mentioned above.  Were
> the auditallows added to the MLS policy?  Did anyone create a module?

Yes, it's part of the "lspp_policy" module included in the kickstart
config RPM I posted yesterday.

This reminds me - can we assume that the setsocketcreate and
setipccreate attributes will remain unimplemented for RHEL5? If they get
added at the last minute the people who write the tests would get very
unhappy.

-Klaus

policy_module(lspp_policy,1.0)

gen_require(`
        attribute domain;
')

# Audit setting of security relevant process attributes
# These settings are OPTIONAL
auditallow domain self:process setcurrent;
auditallow domain self:process setexec;
auditallow domain self:process setfscreate;
#auditallow domain self:process setsocketcreate; # FIXME
#auditallow domain self:process setipccreate; # FIXME
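
Added example, not part of the original message or of the lspp_policy module: auditallow rules like the three enabled above show up in the audit log as "avc: granted" records, and this sketch filters those records for the audited self:process permissions. The log lines are constructed samples, and the function names (parse_avc, process_attr_events, summarize) are assumptions made for this illustration.

```python
import re
from collections import Counter

# Permissions audited by the lspp_policy module above; the two rules it marks
# FIXME are commented out there, so they are not watched here.
WATCHED = {"setcurrent", "setexec", "setfscreate"}

AVC_RE = re.compile(r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
                    r"avc:\s+(?P<result>granted|denied)\s+"
                    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (not taken from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1159983709.101:41): avc:  granted  { setexec } for  pid=2101 comm="login" scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023 tcontext=system_u:system_r:local_login_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1159983710.220:42): avc:  denied  { setexec } for  pid=2150 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1159983711.300:43): avc:  granted  { read } for  pid=2101 comm="login" name="shadow" scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1159983711.300:43): arch=40000003 syscall=5 success=yes exit=3 pid=2101 comm="login"
type=AVC msg=audit(1159983720.512:57): avc:  granted  { setfscreate } for  pid=2300 comm="rpm" scontext=root:sysadm_r:rpm_t:s0-s15:c0.c1023 tcontext=root:sysadm_r:rpm_t:s0-s15:c0.c1023 tclass=process
""".splitlines()

def parse_avc(line):
    """Return a dict for an AVC record, or None for any other audit line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec.update(serial=int(m.group("serial")), result=m.group("result"),
               perms=set(m.group("perms").split()))
    return rec

def selinux_type(context):
    """Third field of user:role:type[:mls-range]."""
    return context.split(":")[2]

def process_attr_events(lines):
    """Yield (serial, comm, type, perm) for each granted watched permission."""
    for rec in filter(None, map(parse_avc, lines)):
        if rec["result"] != "granted" or rec.get("tclass") != "process":
            continue
        src = selinux_type(rec["scontext"])
        if src != selinux_type(rec["tcontext"]):
            continue  # the rules target "self" only
        for perm in sorted(rec["perms"] & WATCHED):
            yield rec["serial"], rec["comm"], src, perm

def summarize(lines):
    """Count events per (domain type, permission)."""
    return Counter((t, p) for _, _, t, p in process_attr_events(lines))

if __name__ == "__main__":
    for event in process_attr_events(SAMPLE_LOG):
        print(event)
```
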



