Hello.
I just now made demo movies showing what TOMOYO Linux looks like.
http://tomoyo.sourceforge.jp/data/CentOS5-install.avi is
a movie that demonstrates how to install TOMOYO Linux 1.4.1 on CentOS 5.
http://tomoyo.sourceforge.jp/data/CentOS5-learning.avi is
a movie that demonstrates how the TOMOYO Lin
Stephen Smalley wrote:
On Wed, 2007-06-13 at 23:22 +0900, Toshiharu Harada wrote:
2007/6/13, Stephen Smalley <[EMAIL PROTECTED]>:
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
Here are examples:
/bin/bash process invoked from mingetty: /sbin/mingetty /bin/bash
/bin/bash process in
Stephen,
Thank you for your interest and comment.
I'm beginning to feel that you might be misunderstanding
my message. Let me explain.
Stephen Smalley wrote:
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
A couple of years ago, we tried to build a tool to generate
SELinux policy (
Hello.
James Morris wrote:
> Note that while SELinux does also have a similar capability with the
> audit2allow tool, it should be considered an expert tool, the output of
> which needs to be understood before use (as noted in its man page).
Yes, adding "allow" statement without understanding wh
On Wed, 2007-06-13 at 16:32 -0700, william(at)elan.net wrote:
> On Thu, 14 Jun 2007, Toshiharu Harada wrote:
>
> > 2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
> >> Toshiharu Harada wrote:
> >> > 2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
> >> > SELinux has well designed, robust and flexible fu
Morris, thank you for your comment.
2007/6/14, James Morris <[EMAIL PROTECTED]>:
On Thu, 14 Jun 2007, Toshiharu Harada wrote:
> TOMOYO Linux has a mode called "learning"
> in addition to "permissive" and "enforce". You can easily
> get the TOMOYO Linux policy with learning mode that
> SELinux d
On Thu, 14 Jun 2007, Toshiharu Harada wrote:
2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
Toshiharu Harada wrote:
> 2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
> SELinux has well designed, robust and flexible functions.
> So it should be used everywhere. I understand it.
> As you mentio
On Thu, 14 Jun 2007, Toshiharu Harada wrote:
> TOMOYO Linux has a mode called "learning"
> in addition to "permissive" and "enforce". You can easily
> get the TOMOYO Linux policy with learning mode that
> SELinux does not have.
Blindly generating security policy through observation of the system
2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
Toshiharu Harada wrote:
> 2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
> SELinux has well designed, robust and flexible functions.
> So it should be used everywhere. I understand it.
> As you mentioned one can analyze the system (process)
> behav
Toshiharu Harada wrote:
2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
> So I think pathname based call chains are advantages for
> at least auditing and profiling.
SELinux audit logs (well, whatever is in /var/log/audit on
my system) do show the path names of objects that fail to
be accessed a
2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
> So I think pathname based call chains are advantages for
> at least auditing and profiling.
SELinux audit logs (well, whatever is in /var/log/audit on
my system) do show the path names of objects that fail to
be accessed as well as the name and co
Toshiharu Harada wrote:
So I think pathname based call chains are advantages for
at least auditing and profiling.
SELinux audit logs (well, whatever is in /var/log/audit on
my system) do show the path names of objects that fail to
be accessed as well as the name and context of the processes
On Wed, 2007-06-13 at 23:22 +0900, Toshiharu Harada wrote:
> 2007/6/13, Stephen Smalley <[EMAIL PROTECTED]>:
> > On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
> > > Here are examples:
> > > /bin/bash process invoked from mingetty: /sbin/mingetty /bin/bash
> > > /bin/bash process invoke
2007/6/13, Stephen Smalley <[EMAIL PROTECTED]>:
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
> Here are examples:
> /bin/bash process invoked from mingetty: /sbin/mingetty /bin/bash
> /bin/bash process invoked from sshd: /usr/sbin/sshd /bin/bash
> /bin/bash process invoked from /bin
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
> Hello,
>
> A couple of years ago, we tried to build a tool to generate
> SELinux policy (*1). To do that, we had to gather the access
> requests information. So we researched a profiling method and
> got to the idea of having a process t
Hello,
A couple of years ago, we tried to build a tool to generate
SELinux policy (*1). To do that, we had to gather the access
requests information. So we researched a profiling method and
got to the idea of having a process to store its invocation
history information (or ancestors).
Here are e
16 matches