From: Joshua Brindle <jbrindle@snu.edu>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: "Magosányi Árpád" <mag@bunuel.tii.matav.hu>,
	"James Morris" <jmorris@redhat.com>,
	"Russell Coker" <russell@coker.com.au>,
	"SE Linux" <selinux@tycho.nsa.gov>
Subject: Re: [selinux] Re: identity
Date: Tue, 24 Feb 2004 16:45:30 -0600
Message-ID: <403BD40A.4010200@snu.edu>
In-Reply-To: <1077655261.21221.191.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley wrote:
> On Tue, 2004-02-24 at 15:03, Magosányi Árpád wrote:
> 
>>I tend to view "auditing framework" as a subset of "security framework",
>>and think that separating access control and audit is either unfeasible
>>or impossible, given that most of the stuff to be audited is access
>>control decision. Plus the access control logic can benefit from the
>>additional data which should be available for auditing purposes.
>>First it is a PITA that one has to dig out file name or IP address,
>>but you will soon realise that you can do access control decisions
>>based on the data just mined out if you want.
>>
>>On the other hand, there are some data (those which have to be used
>>for access control decisions) which should be dug out twice if you
>>want to separate auditing from access control.
>>
>>And on the third hand:
>>Just tell me that FAU_GEN is not an aim of SELinux, and I will forget
>>the project forever.
> 
> 
> An aim of SELinux itself?  No.  See the overview
> (http://www.nsa.gov/selinux/), FAQ  
> (http://www.nsa.gov/selinux/faq.cfm#I12), and prior postings to this
> list on the topic of auditing, e.g.
> http://marc.theaimsgroup.com/?l=selinux&m=97907408104978&w=2.  We agree
> that auditing is important, and would encourage integration of SELinux
> with an auditing framework (which can benefit both SELinux and the
> auditing framework), but SELinux itself is not intended to meet auditing
> requirements.  Note that LSM cannot meet auditing requirements, and the
> right solution is not to bloat LSM into a universal hook framework but
> instead to provide a separate framework for auditing.  The additional
> state requested by Russell (including an immutable user identity for
> audit records) belongs in an audit context, not the SELinux context.
> 

On this note, are any of the selinux distro guys looking at integrating 
any specific auditing framework with selinux? We've looked at SAL a 
while back but it was very unsuitable at the time, and have plans to 
look at snare, are there others? If someone is already working on this 
let me know as I'd like to help.

Joshua Brindle
