From: Steve Grubb
Subject: Re: [PATCH] Inter-field comparisons between uid/euid and gid/egid
Date: Mon, 12 Dec 2011 12:48:21 -0500
Message-ID: <201112121248.21666.sgrubb@redhat.com>
References: <201112120927.50480.sgrubb@redhat.com>
To: Peter Moody
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Monday, December 12, 2011 11:35:25 AM Peter Moody wrote:
> On Mon, Dec 12, 2011 at 6:27 AM, Steve Grubb wrote:
> > On Sunday, December 11, 2011 02:04:24 PM Peter Moody wrote:
> > > Not sure if this is the right way to go about this, but I've got a
> > > couple of patches I'd like to be considered for inclusion.
> >
> > I think we really want all permutations covered so we don't revisit this
> > every month or two.
>
> Ok. Do you want me to include subj_user/obj_user, subj_role/obj_role,
> subj_type/obj_type as well

No, the MAC subsystems should be able to log that themselves.

> or just the uid/fsuid, gid/fsgid, uid/suid, gid/sgid?

Closer. All permutations of uid and gid being able to compare against either
object or process credentials. Like auid!=ouid or auid!=uid.

Thanks,
-Steve
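
Added example, not part of the original message or of the patch under discussion: a userspace sketch of what comparisons such as auid!=ouid and auid!=uid select, evaluated over audit records after the fact. The function names, the reading of "all permutations" as unordered same-kind pairs, the `ogid` field and the sample records are assumptions made for illustration; the records are constructed.

```python
import re
from itertools import combinations

PROC_UID = ("auid", "uid", "euid", "suid", "fsuid")  # process credentials
PROC_GID = ("gid", "egid", "sgid", "fsgid")
OBJ = {"ouid", "ogid"}                               # object credentials (PATH records)

# Constructed sample records, not taken from the thread.
SAMPLE_LOG = """
type=SYSCALL msg=audit(1323712101.000:101): syscall=2 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000
type=PATH msg=audit(1323712101.000:101): item=0 name="/home/alice/notes" ouid=1000 ogid=1000
type=SYSCALL msg=audit(1323712102.000:102): syscall=2 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=PATH msg=audit(1323712102.000:102): item=0 name="/etc/shadow" ouid=0 ogid=0
type=SYSCALL msg=audit(1323712103.000:103): syscall=2 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000
type=PATH msg=audit(1323712103.000:103): item=0 name="/home/bob/plan" ouid=1001 ogid=1001
"""

def field_pairs():
    """Every uid/uid and gid/gid pairing: process vs process and process vs object."""
    pairs = list(combinations(PROC_UID, 2)) + [(f, "ouid") for f in PROC_UID]
    pairs += list(combinations(PROC_GID, 2)) + [(f, "ogid") for f in PROC_GID]
    return pairs

def parse_events(log):
    """Group records by audit serial: SYSCALL fields plus a list of PATH records."""
    events = {}
    for line in log.strip().splitlines():
        serial = int(re.search(r"audit\([\d.]+:(\d+)\)", line).group(1))
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
        ev = events.setdefault(serial, {"proc": {}, "paths": []})
        if fields.get("type") == "PATH":
            ev["paths"].append(fields)
        elif fields.get("type") == "SYSCALL":
            ev["proc"] = fields
    return events

def matches(event, rule):
    """Evaluate 'left=right' or 'left!=right'; an object field may be on either side."""
    left, op, right = re.fullmatch(r"(\w+)(!=|=)(\w+)", rule).groups()
    if left in OBJ:
        left, right = right, left  # comparison is symmetric
    lval = event["proc"].get(left)
    src = event["paths"] if right in OBJ else [event["proc"]]
    rvals = [r[right] for r in src if right in r]
    return lval is not None and any((lval == v) == (op == "=") for v in rvals)

def flagged(log, rule):
    """Serial numbers of the events the comparison selects."""
    return sorted(s for s, ev in parse_events(log).items() if matches(ev, rule))
```

In the sample, `flagged(SAMPLE_LOG, "auid!=uid")` picks out the event where the login uid differs from the running uid, and `flagged(SAMPLE_LOG, "auid!=ouid")` additionally picks out access to a file owned by someone other than the logged-in user.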