From mboxrd@z Thu Jan  1 00:00:00 1970
From: Cai Xianchao <caixianchao@cn.fujitsu.com>
Subject: Re: ausearch / policy question
Date: Tue, 29 Jul 2008 17:30:45 +0800
Message-ID: <488EE345.2010407@cn.fujitsu.com>
References: <4889724E.2080106@cn.fujitsu.com>
	<1217007379.7093.218.camel@homeserver>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m6T9WcrX018071
	for <linux-audit@redhat.com>; Tue, 29 Jul 2008 05:32:38 -0400
Received: from song.cn.fujitsu.com (cn.fujitsu.com [222.73.24.84] (may be
	forged))
	by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id m6T9WLTI003736
	for <linux-audit@redhat.com>; Tue, 29 Jul 2008 05:32:28 -0400
In-Reply-To: <1217007379.7093.218.camel@homeserver>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: LC Bruzenak <lenny@magitekltd.com>
Cc: Linux Audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

LC Bruzenak said the following on 2008-07-26 1:36:
> On Fri, 2008-07-25 at 14:27 +0800, Cai Xianchao wrote:
>
>  =20
>>> type=3DAVC msg=3Daudit(07/23/2008 17:18:44.292:1622) : avc:  denied
>>> { read } for  pid=3D4033 comm=3Dausearch name=3Daudit.log dev=3Ddm-0 =
ino=3D24698
>>> scontext=3Droot:staff_r:staff_t:s0-s15:c0.c1023
>>> tcontext=3Dsystem_u:object_r:auditd_log_t:s15:c0.c1023 tclass=3Dfile=20
>>>
>>>  =20
>>>      =20
>> =20
>> In the message, the level of audit.log is s15:c0.c1023, while the curr=
ent
>> process is s0. So the process can't read audit.log and AVSs are produc=
ted.
>>
>>
>>    =20
> scontext includes sensitivity levels range s0-s15.
>
> Doesn't that include tcontext sensitivity level s0 (same
> classifications)?
>
> Thx,
> LCB.
>  =20

In the message, low level of tcontext is equal to high level,
it is s15, not s0.




--=20

Regards
Cai Xianchao

A new email address of FJWAN is launched from Apr.1 2007.
The updated address is: caixianchao@cn.fujitsu.com
--------------------------------------------------
Cai Xianchao
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
8/F., Civil Defense Building, No.189 Guangzhou Road,
Nanjing, 210029, China
TEL: +86+25-86630566-837
COINS: 79955-837
FAX: +86+25-83317685
Mail=EF=BC=9Acaixianchao@cn.fujitsu.com
--------------------------------------------------
This communication is for use by the intended recipient(s) only and may c=
ontain information that is privileged, confidential and exempt from discl=
osure under applicable law. If you are not an intended recipient of this =
communication, you are hereby notified that any dissemination, distributi=
on or copying hereof is strictly prohibited.  If you have received this c=
ommunication in error, please notify me by reply e-mail, permanently dele=
te this communication from your system, and destroy any hard copies you m=
ay have printed