From: James Antill <jantill@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: redhat-lspp <redhat-lspp@redhat.com>,
linux-audit@redhat.com, selinux@tycho.nsa.gov
Subject: Re: [patch] Full relabel audit event
Date: Fri, 26 May 2006 13:47:27 -0400 [thread overview]
Message-ID: <1148665647.8828.36.camel@code.and.org> (raw)
In-Reply-To: <1148663120.20976.235.camel@moss-spartans.epoch.ncsc.mil>
[-- Attachment #1.1: Type: text/plain, Size: 1406 bytes --]
On Fri, 2006-05-26 at 13:05 -0400, Stephen Smalley wrote:
> On Thu, 2006-05-25 at 17:01 -0400, James Antill wrote:
> > The attached patch implements the full relabel audit event (Ie. an
> > audit event occurs when a full relabel occurs, ie. when /.autorelabel
> > exists at boot).
> > Note that although the code is correct, this patch doesn't actually
> > work due to kernel bugs[1].
> >
> > It'll be in Fedora development as part of policycoreutils-1.30.10-3
> > onwards.
> >
> > [1] see the thread on linux-audit if you want the details.
>
> Hmmm...what is it that you actually want to do here? If you only care
> about auditing autorelabel events, then I'd suggest generating the audit
> message from the autorelabel portion of rc.sysinit (via a helper, I
> suppose), not from setfiles itself.
This is all that we care about, but the solution of creating a helper
to just be called before setfiles was considered suboptimal against just
putting the code inside setfiles (I know Steve is very much against
anything which acts like logger for the audit subsystem).
> Not sure which thread you are referring to; I don't see prior discussion
> of a relabel audit event in the linux-audit archives.
The thread is for the kernel problem that makes the above patch not
actually work, see the thread "Re: audit 1.2.2 released".
--
James Antill <jantill@redhat.com>
[-- Attachment #1.2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 191 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
next prev parent reply other threads:[~2006-05-26 17:47 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-25 21:01 [patch] Full relabel audit event James Antill
2006-05-26 17:05 ` Stephen Smalley
2006-05-26 17:47 ` James Antill [this message]
2006-05-26 18:03 ` [redhat-lspp] " Stephen Smalley
2006-05-30 14:08 ` Steve Grubb
2006-05-30 13:22 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1148665647.8828.36.camel@code.and.org \
--to=jantill@redhat.com \
--cc=linux-audit@redhat.com \
--cc=redhat-lspp@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox