On Tue, 2006-08-08 at 12:21 -0500, Klaus Weidner wrote: > On Tue, Aug 08, 2006 at 12:52:37PM -0400, Stephen Smalley wrote: > > Not sure if it would satisfy the need, but you could put auditallow > > statements in the policy to trigger SELinux audit messages (and thus > > also syscall audit messages at syscall exit) for these kinds of > > operations, e.g. > > # Audit setting of fscreate attribute. > > auditallow domain self:process setfscreate; > > or > > # Audit writing to all /proc/pid files. > > auditallow domain self:file write; > > This sounds like a good solution, I didn't know that this works. Can > someone verify that the audit record contains the LSPP required data such > as the subject label? >
Thanks Klaus. Thiago and I will verify this. -Janak > (My RHEL system currently doesn't boot since VMWare appears not to like > the lspp.46 kernel, I haven't had time yet to look into it.) > > -Klaus > > -- > redhat-lspp mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/redhat-lspp -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
