List: refpolicy
Subject: [refpolicy] system_logging.patch
From: dwalsh () redhat ! com (Daniel J Walsh)
Date: 2009-11-24 15:57:48
Message-ID: 4B0C027C.60607 () redhat ! com
On 11/24/2009 10:56 AM, Daniel J Walsh wrote:
> On 11/24/2009 09:32 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
> > > http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
> > > Latest audit system handling.
> >
> >
> > > -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
> > > -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
> > > -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
> > > -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
> > > +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> > > +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
> > > +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> > > +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> > >
> > > /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
> > > /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
> > > /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
> > > /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
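Review bot: The /var/run/auditd\.pid entry is a regular file (--), not a socket (-s), yet it is raised to mls_systemhigh together with the three socket entries, and nothing in the hunk says why. Please add a comment in the file contexts (or a line in the patch description) giving the reason for the pid file separately from the sockets, or leave that one line at s0 if only the sockets carry audit data. The unchanged klogd, devlog, metalog and syslogd entries below stay at s0, so a one-line comment marking the audit entries as intentionally system high would also keep the two groups from being made uniform by a later cleanup.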
> >
> > Why do sockets need to be system high?
> >
So processes that listen on these sockets have to be system_high. They are providing system_high information.
> > > +optional_policy(`
> > > + dbus_system_bus_client(audisp_t)
> > > +
> > > + optional_policy(`
> > > + setroubleshoot_dbus_chat(audisp_t)
> > > + ')
> > > +')
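Review bot: Both interface calls name audisp_t, so system bus client access and the setroubleshoot D-Bus chat permission go to the dispatcher domain as a whole rather than to the one program that talks to setroubleshoot. If that program is a separate executable launched by the dispatcher, give it its own domain with a transition and move setroubleshoot_dbus_chat() there, leaving audisp_t without D-Bus access. A comment above the block naming the program that needs the bus is also missing.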
> >
> > Is audisp actually doing this, or is it a script it runs that is doing
> > this? If it's the latter, it needs its own policy.
> >
> >
> It is sedisp, so I guess it could have its own policy.
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy