From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] roles_auditadm.patch
Date: Mon, 12 Jul 2010 13:35:53 -0400 [thread overview]
Message-ID: <4C3B5279.2050900@redhat.com> (raw)
In-Reply-To: <4C3B41D9.50501@gmail.com>
On 07/12/2010 12:24 PM, Dominick Grift wrote:
> On 07/12/2010 04:59 PM, Daniel J Walsh wrote:
>> On 07/06/2010 08:27 AM, Christopher J. PeBenito wrote:
>>> On 06/02/10 16:28, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_auditadm.patch
>>>>
>>>> Auditadmin should be able to connect to the syslog. Dontaudit search
>>>> /root.
>>>
>>> Not clear why auditadm would connecting to syslog; what program are they
>>> running? Also, the interface doesn't exist.
>>>
>>
>> This is some old stuff, but I guess it would have to do with changing
>> the way syslog worked.
>>
>> Probably needs the ability to manage the syslog/auditd process also.
>
> Any particular reason why these "mls roles" need to be login users and
> unlike webadm etc:?
>
> userdom_unpriv_user_template(auditadm)
>
> userdom_base_user_template(webadm)
>
>
I am not sure, In MLS mode in RHEL5 we allowed you to login directly as
auditadm_t on MLS boxes. But I would prefer to move to
userdom_base_user_template(auditadm)
>
>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
>
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
next prev parent reply other threads:[~2010-07-12 17:35 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-02 20:28 [refpolicy] roles_auditadm.patch Daniel J Walsh
2010-07-06 12:27 ` Christopher J. PeBenito
2010-07-12 14:59 ` Daniel J Walsh
2010-07-12 16:24 ` Dominick Grift
2010-07-12 17:35 ` Daniel J Walsh [this message]
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 22:31 Daniel J Walsh
2009-03-05 16:24 Daniel J Walsh
2009-03-11 14:53 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C3B5279.2050900@redhat.com \
--to=dwalsh@redhat.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.