I agree with the configuration utility using USYS_CONFIG. I would think the device allocator command itself would either get a new audit message type for allocating/deallocating in the LSPP message range or use the trusted_app define.
Steve, Klaus, what do you think? -Chad > -----Original Message----- > From: Debora Velarde [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 11, 2006 7:08 PM > To: Steve Grubb > Cc: [email protected]; [EMAIL PROTECTED] > Subject: Re: [redhat-lspp] device_allocator audit records > > > Steve Grubb <[EMAIL PROTECTED]> wrote on 05/04/2006 12:07:32 PM: > > > On Thursday 04 May 2006 14:51, Debora Velarde wrote: > > > Below are some sample audit records generated by device_allocator. > > > > They are USER messages. I think they should have a > different type than > that. > > > > Below are the message types that I am planning to change the > device_allocator records to. > Unless you would prefer to put new message types specific to > device_allocator inside libaudit.h. > > // admin adds a user accessible device to the configuration file > # dev_allocator_config -a -n cdrom -f /dev/cdrom -c cdrom -m > SystemLow -x > SystemHigh > type=USER msg=audit(1146766083.884:9290): user pid=14757 uid=0 auid=0 > msg='devmgr: device="/dev/cdrom" > context="system_u:object_r:unallocated_device_t:SystemLow", device > initialized to unallocated state' > type=USER msg=audit(1146766083.884:9291): user pid=14757 uid=0 auid=0 > msg='devmgr: configuration file altered' > // New type to be changed to: > // #define AUDIT_USYS_CONFIG 1111 /* User space > system config > change */ > > > // allocate device > $ dev_allocator -a /dev/cdrom > type=USER msg=audit(1146766179.402:9293): user pid=14766 > uid=0 auid=501 > msg='devmgr: device="/dev/cdrom" > context="system_u:object_r:removable_device_t:SystemLow", device > allocated' > // New type to be changed to: > // #define AUDIT_CRED_ACQ 1103 /* User space credential > acquired */ > > > // unallocate the device > $ dev_allocator -u /dev/cdrom > type=USER msg=audit(1146513843.584:8139): user pid=27579 > uid=0 auid=501 > msg='devmgr: device="/dev/cdrom" > context="system_u:object_r:unallocated_device_t:SystemLow", device > unallocated' > // New type to be changed to: > // #define AUDIT_CRED_DISP 1104 /* User space credential > disposed */ > > > // admin deletes the device from the configuration file > # dev_allocator_config -d -n cdrom -f /dev/cdrom > type=USER msg=audit(1146766993.245:9296): user pid=14829 uid=0 auid=0 > msg='devmgr: device="/dev/cdrom" > context="system_u:object_r:removable_device_t:SystemLow", > device released > from management' > type=USER msg=audit(1146766993.249:9297): user pid=14829 uid=0 auid=0 > msg='devmgr: configuration file altered' > // New type to be changed to: > // #define AUDIT_USYS_CONFIG 1111 /* User space > system config > change */ > > > -- > redhat-lspp mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/redhat-lspp > -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
