On Friday 15 September 2006 15:28, Stephen Smalley wrote:
> Are you sure? What do you want to audit?
> newrole -r typoinrolename ?
> newrole -r sysadm_r for user not authorized for that role?
> any error exit path out of newrole?
>
> The first two cases look exactly identical to newrole btw - it just gets
> an error from security_check_context() telling it that the context
> wasn't valid, not why.

I think we only need to say that the result was a failure. We do not need to say why it failed.

> > What other SE Linux programs are considered "trusted" and require audit
> > messages when they fail to be used properly? The only other program that
> > I can think of that is audit enhanced is semanage.
>
> semodule came up recently (in order to distinguish different module
> operations at finer granularity than the kernel can see).

OK, I guess we'll look at that too.

-Steve

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
