From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <004201c5c9f0$64d74250$0300a8c0@admin0>
From: "shintarou_fujiwara"
To: "Stephen Smalley"
Cc: "selinux mailing list"
References: <002601c5c9b5$b7748ee0$0300a8c0@admin0> <1128522649.24059.148.camel@moss-spartans.epoch.ncsc.mil>
Subject: Re: I've written a shell script which turns log deny to allow.
Date: Thu, 6 Oct 2005 06:04:36 +0900
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-2022-jp"; reply-type=original
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

To Mr Stephen Smalley:

Thank you very much for letting me know about a more sophisticated policy generator.
I did not know polgen.
The idea is great.
That's exactly what I want to do.
I will check the web page.
Thanks.
Bye.

----- Original Message -----
From: "Stephen Smalley"
To: "shintarou_fujiwara"
Cc: "John Ramsdell" ; "Brian T. Sniffen" ; "selinux mailing list"
Sent: Wednesday, October 05, 2005 11:30 PM
Subject: Re: I've written a shell script which turns log deny to allow.

> On Wed, 2005-10-05 at 23:04 +0900, shintarou_fujiwara wrote:
>> Hello, again from Japan.
>>
>> The other day I've written a policy, noip, but
>> today I've written a script, easy to use,
>> especially for beginners like me ...
>>
>> Denied log is so annoying, so I've written down this
>> small script named sepolf (selinux policy finder).
>>
>> I really want it to display macro, but all I can do now
>> is to display allow... like audit2allow (I have never used it, though).
>>
>> Experts' advice I really want to get, to make it better.
>
> How does it differ from audit2allow? If you think audit2allow lacks
> something, feel free to propose a patch to it.
>
> If you are interested in more sophisticated policy generation, I'd
> suggest that you take a look at polgen. There should be an updated
> release of it soon, but you can look at the polgen 1.1 release from
> http://www.mitre.org/tech/selinux/. Unlike audit2allow, polgen can
> generate new domains and types, recognize patterns and suggest
> appropriate policy, and emit macro-based rules rather than just raw TE
> rules. Note that polgen uses filtered strace output (extended to
> include security contexts) from running the program rather than audit
> messages as its input. This has advantages (e.g. program-specific data,
> more detailed data than one can currently obtain from audit messages)
> and disadvantages (e.g. weak linkage with actual SELinux permission
> checks, lack of data on other processes interacting with the program,
> dependency on patched strace program - which is included in the polgen
> tarball).
>
> --
> Stephen Smalley
> National Security Agency
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with the words "unsubscribe selinux" without quotes as the message.
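
The "raw TE rules from audit messages" approach that the thread contrasts with polgen, as an added example that is neither the sepolf script nor audit2allow's own code: it merges the permissions of repeated denials into one allow rule per (source type, target type, class). The function names, the `noip_t` type and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn "avc: denied" audit lines into raw TE allow rules.

# Constructed sample log (not taken from a real system).
sample_log() {
cat <<'EOF'
audit(1128520000.101:0): avc:  denied  { read } for  pid=2101 exe=/usr/local/bin/noip2 name=no-ip2.conf dev=hda2 ino=4411 scontext=root:system_r:noip_t tcontext=system_u:object_r:etc_t tclass=file
kernel: eth0: link up
audit(1128520000.102:0): avc:  denied  { getattr read } for  pid=2101 exe=/usr/local/bin/noip2 name=no-ip2.conf dev=hda2 ino=4411 scontext=root:system_r:noip_t tcontext=system_u:object_r:etc_t tclass=file
audit(1128520003.417:0): avc:  denied  { name_connect } for  pid=2101 exe=/usr/local/bin/noip2 dest=8245 scontext=root:system_r:noip_t tcontext=system_u:object_r:port_t tclass=tcp_socket
EOF
}

# Reads log text on stdin; prints one merged allow rule per triple.
avc_to_allow() {
    awk '
    # The type is the third field of user:role:type[:level].
    function ctx_type(field,    parts) {
        sub(/^[st]context=/, "", field)
        split(field, parts, ":")
        return parts[3]
    }
    /avc:[ ]+denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # Permissions are the words between "{" and "}".
        if (match($0, /[{][^}]*[}]/))
            perms = substr($0, RSTART + 1, RLENGTH - 2)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) src = ctx_type($i)
            else if ($i ~ /^tcontext=/) tgt = ctx_type($i)
            else if ($i ~ /^tclass=/) cls = substr($i, 8)
        }
        n = split(perms, p, " ")
        if (n == 0 || src == "" || tgt == "" || cls == "") next  # malformed
        key = src " " tgt ":" cls
        if (!(key in rule)) keys[++count] = key   # keep first-seen order
        for (j = 1; j <= n; j++)
            if (!((key, p[j]) in seen)) {         # drop duplicate perms
                seen[key, p[j]] = 1
                rule[key] = rule[key] " " p[j]
            }
    }
    END {
        for (k = 1; k <= count; k++)
            printf "allow %s {%s };\n", keys[k], rule[keys[k]]
    }'
}

sample_log | avc_to_allow
```

Each emitted rule grants exactly what was denied, so the output is a list to review against the program's intended behaviour rather than policy to load as-is.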