public inbox for linux-audit@redhat.com
From: Paul Moore <paul.moore@hp.com>
To: linux-audit@redhat.com
Cc: selinux@tycho.nsa.gov
Subject: New audit record types for static network labels
Date: Tue, 31 Jul 2007 15:37:14 -0400
Message-ID: <200707311537.14940.paul.moore@hp.com>

I am currently working on a series of patches to add support for static 
external network labels to NetLabel/SELinux.  The idea is that a user could 
define a physical interface, IP address, address mask, and context which 
would be applied as an external label to the packet when an explicit label 
was not present.  This is similar to other trusted OSs which allow 
administrators to assign labels to single level, unlabeled networks.  For 
those of you following the SELinux list it was discussed a month or two ago.

This is relevant to the audit subsystem because adding/removing these 
address/context entries should most likely be audited for the same reasons we 
audit other NetLabel or XFRM labeling related configuration changes.  To 
accomplish this I would like to suggest the addition of the following record 
types, comments?

#define AUDIT_MAC_UNLBL_STATICADD 14XX  /* NetLabel: add a static label */
#define AUDIT_MAC_UNLBL_STATICDEL 14XX  /* NetLabel: del a static label */

-- 
paul moore
linux security @ hp
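
A small user-space C model of the mechanism described in the message above, added here as an illustration; it is not code from the original post or from the NetLabel or audit projects. The function names, table layout, record text and the longest-mask tie-break (which assumes contiguous masks) are assumptions; only the two record type names come from the message.

```c
/* Added illustration: user-space model; all names and the record text are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_ENT 8
struct static_label { int used; char ifname[16]; uint32_t addr, mask; char ctx[64]; };
static struct static_label tbl[MAX_ENT];
static char last_audit[200];   /* most recent record; constructed text, not a real format */
/* Record the attempt whether or not it succeeded; returns 0 on success, -1 on failure. */
static int audit(const char *type, const struct static_label *e, int ok) {
    snprintf(last_audit, sizeof(last_audit), "type=%s netif=%s addr=%08x mask=%08x ctx=%s res=%d",
             type, e->ifname, (unsigned)e->addr, (unsigned)e->mask, e->ctx, ok);
    return ok ? 0 : -1;
}
static struct static_label mk(const char *ifname, uint32_t addr, uint32_t mask, const char *ctx) {
    struct static_label e = { 1, "", addr & mask, mask, "" };
    snprintf(e.ifname, sizeof(e.ifname), "%s", ifname);
    snprintf(e.ctx, sizeof(e.ctx), "%s", ctx);
    return e;
}
int static_add(const char *ifname, uint32_t addr, uint32_t mask, const char *ctx) {
    struct static_label n = mk(ifname, addr, mask, ctx);
    for (int i = 0; i < MAX_ENT; i++)
        if (!tbl[i].used) { tbl[i] = n; return audit("MAC_UNLBL_STATICADD", &n, 1); }
    return audit("MAC_UNLBL_STATICADD", &n, 0);        /* table full: still audited */
}
int static_del(const char *ifname, uint32_t addr, uint32_t mask) {
    struct static_label k = mk(ifname, addr, mask, "");
    for (int i = 0; i < MAX_ENT; i++)
        if (tbl[i].used && tbl[i].addr == k.addr && tbl[i].mask == mask &&
            !strcmp(tbl[i].ifname, k.ifname)) {
            k = tbl[i]; tbl[i].used = 0;               /* log the context being removed */
            return audit("MAC_UNLBL_STATICDEL", &k, 1);
        }
    return audit("MAC_UNLBL_STATICDEL", &k, 0);        /* no such entry: still audited */
}
/* An explicit label always wins; otherwise the longest matching mask on that interface. */
const char *resolve_label(const char *ifname, uint32_t src, const char *explicit_label) {
    const struct static_label *best = NULL;
    if (explicit_label) return explicit_label;
    for (int i = 0; i < MAX_ENT; i++)
        if (tbl[i].used && !strcmp(tbl[i].ifname, ifname) &&
            (src & tbl[i].mask) == tbl[i].addr && (!best || tbl[i].mask > best->mask))
            best = &tbl[i];
    return best ? best->ctx : NULL;                    /* NULL: packet stays unlabeled */
}
int main(void) {   /* constructed sample entry: 10.0.0.0/8 on eth0 */
    return static_add("eth0", 0x0a000000, 0xff000000, "system_u:object_r:lan_t:s0") || puts(last_audit) < 0;
}
```

Addresses and masks are in host byte order. Failed add and delete attempts are recorded as well, so a rejected configuration change still leaves a trace.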