All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steve G <linux_4ever@yahoo.com>
To: James Morris <jmorris@namei.org>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	sgrubb@redhat.com
Cc: Paul Moore <paul.moore@hp.com>,
	selinux@tycho.nsa.gov, zohar@us.ibm.com, safford@watson.ibm.com
Subject: Re: [RFC]integrity: SELinux patch
Date: Wed, 18 Jul 2007 08:05:01 -0700 (PDT)	[thread overview]
Message-ID: <604663.1384.qm@web51501.mail.re2.yahoo.com> (raw)
In-Reply-To: <Line.LNX.4.64.0707171046060.5764@d.namei>



>> No, it isn't being audited, but should be.  The question is what type of audit

>> message would be appropriate here.  It could be the normal denied/granted 
>> message, but that would be confusing as this isn't based on a permission or 
>> capability check, but an integrity error.  Any suggestions how to handle this 
>> here and in the other places? 

MRPP places some requirements on intergrity checking. Maybe it tells you more
information about what's required. More info:

http://www.niap-ccevs.org/cc-scheme/pp/pp.cfm?id=PP_OS_ML_MR2.0_V1.91

>If integrity is being enforced, then the final AVC denial should include 
>information that it was because of an integrity failure.

Might ought to be an integrity audit record type rather than avc. This way
aureport can separate it out for its summary report. In
/usr/include/linux/audit.h is this note:

 * 1800 - 1999 future kernel use (maybe integrity labels and related events)

So, we could assign the 1800 block to kernel integrity checking. I think we'd
need information access decision, creation, modification, and deletion of
integrity information/labels. We also probably need the ability to audit by
integrity, too. For a detailed audit discussion, I'd recommend linux-audit mail
list or at least cc'ing it

>I'm not sure that it's useful to have non-enforced integrity, aside from 
>debugging/development use.

Hard to say. You may want to upgrade a machine and not have anything fail due to
integrity checking. I could see it being useful in much the same way that
permissive is for selinux.

>For general use, it should either be enabled or disabled.

What about immutable, too? Changing between enabled/disabled is an auditable
event, too.

-Steve


 
____________________________________________________________________________________
We won't tell. Get more on shows you hate to love 
(and love to hate): Yahoo! TV's Guilty Pleasures list.
http://tv.yahoo.com/collections/265 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

  reply	other threads:[~2007-07-18 15:05 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-16 13:57 [RFC]integrity: SELinux patch Mimi Zohar
2007-07-16 18:40 ` Joshua Brindle
2007-07-16 23:13   ` Mimi Zohar
2007-07-16 19:23 ` Paul Moore
2007-07-17 14:30   ` Mimi Zohar
2007-07-17 14:32     ` Paul Moore
2007-07-17 14:54     ` James Morris
2007-07-18 15:05       ` Steve G [this message]
2007-09-04 20:46         ` Mimi Zohar
2007-09-04 21:08           ` Steve Grubb
     [not found]         ` <1188999967.5563.2.camel@localhost.localdomain>
2007-09-05 15:11           ` Integrity auditing Steve Grubb
2007-09-05 19:26             ` Mimi Zohar
2007-09-06 17:07               ` Steve Grubb
2007-09-10 20:16                 ` Mimi Zohar
2007-09-12 13:25                   ` Steve Grubb
2007-07-17  0:20 ` [RFC]integrity: SELinux patch James Morris
2007-07-17 13:20   ` Joshua Brindle
2007-07-17 14:44 ` James Morris
2007-07-18 21:33   ` Mimi Zohar
2007-07-17 14:52 ` Stephen Smalley
2007-07-18 21:43   ` Mimi Zohar
2007-07-19 13:08     ` Stephen Smalley
2007-07-20 18:57       ` Mimi Zohar
  -- strict thread matches above, loose matches on Subject: below --
2007-08-28 22:35 Mimi Zohar
2007-08-29  4:16 ` Joshua Brindle
2007-08-29 10:14   ` Mimi Zohar
2007-09-19 19:41     ` Mimi Zohar
2007-09-19 21:04       ` Stephen Smalley
2007-09-20  1:34         ` Mimi Zohar
2007-09-20 13:12           ` Stephen Smalley
2007-09-20 21:16             ` James Morris
2007-09-21 14:13               ` Mimi Zohar
2007-09-21 14:02             ` Mimi Zohar
2007-08-30 20:58 ` Serge E. Hallyn
2007-08-30 21:12   ` Serge E. Hallyn
2007-08-31 13:15     ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=604663.1384.qm@web51501.mail.re2.yahoo.com \
    --to=linux_4ever@yahoo.com \
    --cc=jmorris@namei.org \
    --cc=paul.moore@hp.com \
    --cc=safford@watson.ibm.com \
    --cc=selinux@tycho.nsa.gov \
    --cc=sgrubb@redhat.com \
    --cc=zohar@linux.vnet.ibm.com \
    --cc=zohar@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.