On Wed, 2006-10-04 at 13:51 -0400, Eric Paris wrote:
> seipccreate is dead. it will not be implemented without a user.
> setsockcreate i believe is already there....

but not defined in policy (flask/access_vectors) so no one can use it in
policy (but the kernel will deny it unless your allow rule implicitly
grants it via a * or a set complement).

>
> -Eric
>
> On Wed, 2006-10-04 at 12:41 -0500, Klaus Weidner wrote:
> > On Wed, Oct 04, 2006 at 11:20:32AM -0400, Linda Knippers wrote:
> > > Thanks for the reminder about that thread.
> > > https://www.redhat.com/archives/redhat-lspp/2006-August/msg00008.html
> > >
> > > I didn't really see a conclusion though. Dan was waiting to hear from
> > > Steve. Steve didn't like it for the reasons I mentioned above. Were
> > > the auditallows added to the MLS policy? Did anyone create a module?
> >
> > Yes, it's part of the "lspp_policy" module included in the kickstart
> > config RPM I posted yesterday.
> >
> > This reminds me - can we assume that the setsocketcreate and
> > setipccreate attributes will remain unimplemented for RHEL5? If they get
> > added at the last minute the people who write the tests would get very
> > unhappy.
> >
> > -Klaus
> >
> > policy_module(lspp_policy,1.0)
> >
> > gen_require(`
> >         attribute domain;
> > ')
> >
> > # Audit setting of security relevant process attributes
> > # These settings are OPTIONAL
> > auditallow domain self:process setcurrent;
> > auditallow domain self:process setexec;
> > auditallow domain self:process setfscreate;
> > #auditallow domain self:process setsocketcreate; # FIXME
> > #auditallow domain self:process setipccreate; # FIXME
> >
> > --
> > redhat-lspp mailing list
> > [email protected]
> > https://www.redhat.com/mailman/listinfo/redhat-lspp
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to [EMAIL PROTECTED] with
> the words "unsubscribe selinux" without quotes as the message.

--
Stephen Smalley
National Security Agency
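
Added example, not part of the original thread and not code from the SELinux project: a small policy-audit check for the case described in the reply above, listing allow rules that would cover a permission missing from flask/access_vectors only because they use `*` or a `~` complement. The sample access_vectors text, the rules and the `*_t` domain names are constructed, and the parser assumes one class per rule.

```python
import re

# Constructed sample in flask/access_vectors syntax (not the real file).
ACCESS_VECTORS = """
class process
{
    fork
    setexec
    setfscreate
    setcurrent
}
"""

# Constructed sample rules; the *_t domain names are hypothetical.
POLICY = """
allow app_t self:process { fork setexec };
allow broad_t self:process *;
allow tool_t self:process ~{ setcurrent };
allow other_t self:file *;
auditallow domain self:process setfscreate;
"""

# Matches plain allow rules only (auditallow/dontaudit are skipped).
RULE = re.compile(r"^[ \t]*allow\s+(\S+)\s+(\S+):(\S+)\s+(.+?);", re.M)

def defined_perms(av_text, cls):
    """Permissions listed in the `class <cls> { ... }` block."""
    av_text = re.sub(r"#.*", "", av_text)          # drop comments
    m = re.search(r"\bclass\s+%s\b[^{]*\{([^}]*)\}" % re.escape(cls), av_text)
    return set(m.group(1).split()) if m else set()

def implicit_grants(policy_text, av_text, cls, perm):
    """Return (source, target, perm_spec) for allow rules on `cls` that
    cover `perm` via `*` or `~` while `perm` is undefined for `cls`."""
    if perm in defined_perms(av_text, cls):
        return []                                   # nameable, nothing implicit
    hits = []
    for src, tgt, rule_cls, spec in RULE.findall(policy_text):
        spec = spec.strip()
        if rule_cls != cls:
            continue
        if spec == "*":
            hits.append((src, tgt, spec))
        elif spec.startswith("~"):
            excluded = set(spec.lstrip("~").strip("{} ").split())
            if perm not in excluded:
                hits.append((src, tgt, spec))
    return hits

if __name__ == "__main__":
    for hit in implicit_grants(POLICY, ACCESS_VECTORS, "process", "setsockcreate"):
        print("implicit grant:", hit)
```
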
