From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] Fwd: Re: system_logging.patch
Date: Fri, 19 Mar 2010 10:18:00 -0400 [thread overview]
Message-ID: <4BA38798.1040002@redhat.com> (raw)
In-Reply-To: <1269007987.5623.181.camel@gorn.columbia.tresys.com>
On 03/19/2010 10:13 AM, Christopher J. PeBenito wrote:
> On Fri, 2010-03-19 at 08:22 -0400, Daniel J Walsh wrote:
>
>> On 03/19/2010 08:14 AM, Christopher J. PeBenito wrote:
>>
>>> On Thu, 2010-03-18 at 16:15 -0400, Steve Grubb wrote:
>>>
>>>
>>>> On Thursday 18 March 2010 01:12:36 pm Daniel J Walsh wrote:
>>>>
>>>>
>>>>>> New log context
>>>>>> Allow setting audit tty
>>>>>> Fixing interfaces
>>>>>>
>>>>>>
>>>>> Why are the sockets being set to system high? Same thing for the pid
>>>>> file? They don't have sensitive data.
>>>>>
>>>>>
>>>> /var/run/audispd_events and the pid file is the only thing I recognize as being
>>>> from the audit system. The audit system and everything related to it must be
>>>> at system high.
>>>>
>>>>
>>> Again, why? The socket and pid file do not have sensitive data. The
>>> daemon and the log files have the sensitive data.
>>>
>>>
>>>
>> So your saying the ability to connect to the socket is going to be
>> blocked on the connecto based on the level of the process on the other
>> end of the socket.
>>
>> setroubleshoot_t:SystemLow is not going to be able to connectto
>> auditd_t:SystemHigh no matter what the socket and pid file are labeled.
>>
> I'm not sure what you're trying to argue. The connectto is of course
> going to be checked if a connect gets past the MAC write check on the
> sock_file.
>
>
I am agreeing with you, by saying the connectto check will block no
matter what the socket permission is.
But on Steve's point of view. We would have to jump through hoops to
get auditd to create the pid file and socket at SystemLow, Since it runs
at SystemHigh.
next prev parent reply other threads:[~2010-03-19 14:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-18 17:12 [refpolicy] Fwd: Re: system_logging.patch Daniel J Walsh
[not found] ` <201003181615.22542.sgrubb@redhat.com>
2010-03-19 12:14 ` Christopher J. PeBenito
2010-03-19 12:22 ` Daniel J Walsh
2010-03-19 14:13 ` Christopher J. PeBenito
2010-03-19 14:18 ` Daniel J Walsh [this message]
[not found] ` <201003190944.18262.sgrubb@redhat.com>
2010-03-19 14:44 ` Christopher J. PeBenito
[not found] ` <201003191102.56364.sgrubb@redhat.com>
2010-03-19 15:21 ` Daniel J Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BA38798.1040002@redhat.com \
--to=dwalsh@redhat.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.