seipccreate is dead. it will not be implemented without a user. setsockcreate i believe is already there....
-Eric On Wed, 2006-10-04 at 12:41 -0500, Klaus Weidner wrote: > On Wed, Oct 04, 2006 at 11:20:32AM -0400, Linda Knippers wrote: > > Thanks for the reminder about that thread. > > https://www.redhat.com/archives/redhat-lspp/2006-August/msg00008.html > > > > I didn't really see a conclusion though. Dan was waiting to hear from > > Steve. Steve didn't like it for the reasons I mentioned above. Were > > the auditallows added to the MLS policy? Did anyone create a module? > > Yes, it's part of the "lspp_policy" module included in the kickstart > config RPM I posted yesterday. > > This reminds me - can we assume that the setsocketcreate and > setipccreate attributes will remain unimplemented for RHEL5? If they get > added at the last minute the people who write the tests would get very > unhappy. > > -Klaus > > policy_module(lspp_policy,1.0) > > gen_require(` > attribute domain; > ') > > # Audit setting of security relevant process attributes > # These settings are OPTIONAL > auditallow domain self:process setcurrent; > auditallow domain self:process setexec; > auditallow domain self:process setfscreate; > #auditallow domain self:process setsocketcreate; # FIXME > #auditallow domain self:process setipccreate; # FIXME > > -- > redhat-lspp mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/redhat-lspp -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
