From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Cc: Eric Paris <eparis@parisplace.org>,
James Morris <jmorris@namei.org>,
selinux@tycho.nsa.gov
Subject: Re: [PATCH v4] selinux: support deferred mapping of contexts
Date: Wed, 7 May 2008 12:48:12 -0400
Message-ID: <200805071248.13439.sgrubb@redhat.com>
In-Reply-To: <7e0fb38c0805070829q1bda9233h1f71865634776e71@mail.gmail.com>
On Wednesday 07 May 2008 11:29:36 Eric Paris wrote:
> On Wed, May 7, 2008 at 11:23 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Wed, 2008-05-07 at 11:17 -0400, Eric Paris wrote:
> > > > I assume we do NOT want to use this variant interface when getting
> > > > contexts to display in audit messages, as we want the audit
> > > > messages to correspond to the actual denial and to yield proper
> > > > policy if turned into an allow rule.
> > >
> > > Is there any way we could get them both displayed if there is a
> > > denial? Might be interesting to know both that the denial was
> > > actually unlabeled_t object but also what the 'incorrect' label
> > > was.....
> >
> > Easy to do kernel-side, but requires a new avc audit field that won't
> > cause any complaints by audit userland or tools like audit2allow.

What would be the proposed name of this new field? Would it hold just a
context string? FWIW, audit user land doesn't really care except that we
don't have name collisions on fields.

-Steve