From: Steve Grubb <sgrubb@redhat.com>
To: Peter Moody <pmoody@google.com>
Cc: linux-audit@redhat.com
Subject: Re: auditing syscalls made 'by' an inode?
Date: Fri, 8 Jun 2012 12:01:03 -0400
Message-ID: <201206081201.03334.sgrubb@redhat.com>
In-Reply-To: <CALnj_=5+2yz=G3La9LLCbkhuO+ZyzqtKZOnT3OA1FJYwv_TPVw@mail.gmail.com>

On Friday, June 08, 2012 11:36:38 AM Peter Moody wrote:
> On Fri, Jun 8, 2012 at 7:49 AM, Daniel J Walsh <dwalsh@redhat.com> wrote:
> > One thing you could do would be to write a simple SELinux domain, like
> > auditproc_t and have unconfined_t transition to it using runcon.
>
> True, but this requires running selinux, which despite all of the
> excellent work you guys have put into making that easy (easier), is
> still a non-starter for some people.

I agree. I'd like to see the capability developed out because it might allow new
kinds of auditing. Like...you might want to audit syscalls with EPERM started by
apache and not under the httpd_t selinux context. :-)

-Steve