Darrel Goeddel wrote:
> I recently noticed that we never got around to doing object filters
> based on context... This patch introduces object audit filters
> based on the fields of the SELinux context. I put in everything
> (user, role, type, levels) even though I don't think user and role
> will be of use. I'm also open to names on the filters because I
> couldn't really think of anything that sounded really good
> (especially for the object's mls - "ol1 means object level 1" and
> "ol2 means object level 2"...). So, I'll trim and rename if people
> want that. This is just the kernel part, the userspace patch to
> handle these fields is forthcoming. One more thing - this patch
> only checks the contexts of filesystem objects. We also collect
> sids for ipc objects in the aux structs, should I also loop through
> those and filter based on the sids contained in AUDIT_IPC records?

I would think so.

--
ljk

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
