Quoting Timothy R. Chavez ([EMAIL PROTECTED]): > On Thursday 07 July 2005 16:31, Arjan van de Ven wrote: > > On Thu, 2005-07-07 at 15:48 -0400, Steve Grubb wrote: > > > > > Tim's code lets you say I want change notification to this file only. The > > > notification follows the audit format with all relavant pieces of > > > information > > > gathered at the time of the event and serialized with all other events. > > > > well can't you sort of do that based on (selinux) security context of > > the file already? after all that's part of the inode already. Isn't that > > finegrained enough? > > > > Provided you make it that far, yes, SE Linux _could_ be used to provide > similar functionality. But, what if you bottom out on a DAC decision? > > [EMAIL PROTECTED] /]$ cat /etc/shadow > cat: /etc/shadow: Permission denied
Additionally, the apps would need to either be rewritten to create the files under the audited context, or policy would have to cause all files created by those apps to be under the audited context. Neither one of those options is satisfactory. thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/