[patch] Full relabel audit event

2006-05-25 Thread James Antill
The attached patch implements the full relabel audit event (i.e. an audit event occurs when a full relabel occurs, i.e. when /.autorelabel exists at boot). Note that although the code is correct, this patch doesn't actually work due to kernel bugs[1]. It'll be in Fedora development as part of po

Re: [patch] Full relabel audit event

2006-05-26 Thread Stephen Smalley
On Thu, 2006-05-25 at 17:01 -0400, James Antill wrote:
> The attached patch implements the full relabel audit event (i.e. an
> audit event occurs when a full relabel occurs, i.e. when /.autorelabel
> exists at boot).
> Note that although the code is correct, this patch doesn't actually
> work due t

Re: [patch] Full relabel audit event

2006-05-26 Thread James Antill
On Fri, 2006-05-26 at 13:05 -0400, Stephen Smalley wrote:
> On Thu, 2006-05-25 at 17:01 -0400, James Antill wrote:
> > The attached patch implements the full relabel audit event (i.e. an
> > audit event occurs when a full relabel occurs, i.e. when /.autorelabel
> > exists at boot).
> > Note that al

Re: [redhat-lspp] Re: [patch] Full relabel audit event

2006-05-26 Thread Stephen Smalley
On Fri, 2006-05-26 at 13:47 -0400, James Antill wrote:
> On Fri, 2006-05-26 at 13:05 -0400, Stephen Smalley wrote:
> > Hmmm...what is it that you actually want to do here? If you only care
> > about auditing autorelabel events, then I'd suggest generating the audit
> > message from the autorelabel

Re: [redhat-lspp] Re: [patch] Full relabel audit event

2006-05-30 Thread Steve Grubb
On Friday 26 May 2006 13:05, Stephen Smalley wrote:
> Hmmm...what is it that you actually want to do here?
We need to meet the requirements for LSPP where there is a relabel on boot, but we do not want a record for each file that was touched. It was discussed on the LSPP telecon a while back tha

Re: [redhat-lspp] Re: [patch] Full relabel audit event

2006-05-30 Thread Steve Grubb
On Friday 26 May 2006 14:03, Stephen Smalley wrote:
> I don't see the point when a) you only want it in that one case,
We do this already in several places. For example, we instrumented usermod, but not chage. It was documented in the Security Target that usermod should be used to alter user acc