From: ramsdell@mitre.org (John D. Ramsdell)
Subject: Re: [PATCH] Reporting file descriptors created by pipe and socketpair
Date: 12 Sep 2006 17:05:35 -0400
References: <20060912162104.GK4144@devserv.devel.redhat.com> <20060912191225.GL4144@devserv.devel.redhat.com>
In-Reply-To: <20060912191225.GL4144@devserv.devel.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Alexander Viro
Cc: bsniffen@mitre.org, Linux Audit
List-Id: linux-audit@redhat.com

Alexander Viro writes:

> Indeed? And how, pray tell, do you handle e.g. processes A and B
> sending SCM_RIGHTS datagrams to C at the same moment?

We don't. We do not try to get all information flows. Our goal is to recognize common information flow patterns, and suggest SELinux policy based on the patterns we find. For example, the Jabber Server has five main processes, and one of them routes information between the other four. We can recognize this pattern, and suggest types and allow rules consistent with this hub-and-spoke design pattern.

Here is another major reason to prefer autrace over strace: performance. We tried to strace a run of an Apache Web Server compiled with threads support enabled. It was a disaster. The only way we could get useful data was to strace a single-threaded version of the web server. I bet we could get useful data on a run of a multithreaded web server using autrace.

John
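As an added illustration of the hub-and-spoke recognition described in the message above (example code, not from the original thread or from the MITRE tool it refers to): the records, process names and the shape of the suggested allow rules are all constructed assumptions, with each record stating which process created a pipe or socketpair and which process ended up holding one of its descriptors.

```python
from collections import defaultdict

# Constructed sample records (hypothetical process names, not from the original
# message): `creator` created a pipe or socketpair and `peer` ended up holding
# one of its file descriptors, e.g. through fork or SCM_RIGHTS.
SAMPLE_FLOWS = [
    ("router", "c2s", "pipe"),
    ("router", "s2s", "pipe"),
    ("router", "sm", "socketpair"),
    ("router", "resolver", "socketpair"),
    ("sm", "router", "pipe"),
]

# SELinux object class the shared descriptor refers to.
OBJ_CLASS = {"pipe": "fifo_file", "socketpair": "unix_stream_socket"}


def build_graph(flows):
    """Undirected 'shares a descriptor with' graph: process -> set of peers."""
    graph = defaultdict(set)
    for creator, peer, _kind in flows:
        if creator != peer:
            graph[creator].add(peer)
            graph[peer].add(creator)
    return graph


def find_hub(graph):
    """Return the hub of a hub-and-spoke graph, or None if the shape does not match.

    The hub shares descriptors with every other process; spokes only with the hub."""
    nodes = set(graph)
    for hub in nodes:
        spokes = nodes - {hub}
        if graph[hub] == spokes and all(graph[s] == {hub} for s in spokes):
            return hub
    return None


def suggest_policy(flows, hub):
    """Suggest one domain type per process (<name>_t) and the allow rules the
    observed sharing needs. Only the peer side is emitted; it is assumed here
    that each domain already has self rules covering objects it created."""
    rules = []
    for creator, peer, kind in flows:
        if hub not in (creator, peer):
            continue  # outside the recognised pattern; leave for human review
        rules.append(f"allow {peer}_t {creator}_t:fd use;")
        rules.append(f"allow {peer}_t {creator}_t:{OBJ_CLASS[kind]} {{ read write }};")
    return sorted(set(rules))
```

A flow between two spokes (or a missing hub-to-spoke flow) makes find_hub return None, which is the cue that the pattern does not apply and no rules should be suggested automatically.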