List: selinux
Subject: Re: Adding audit message to newrole
From: Stephen Smalley <sds () tycho ! nsa ! gov>
Date: 2006-01-27 20:55:09
Message-ID: 1138395309.13075.410.camel () moss-spartans ! epoch ! ncsc ! mil
On Fri, 2006-01-27 at 06:09 -0800, Steve G wrote:
> Hi,
>
> I am attaching a patch that lets newrole send messages to the audit system. This
> patch needs review as it changes newrole to be setuid root. The patch drops
> capabilities immediately after startup.
>
> To enable the patch, you would change the make commands to the following:
>
> make LOG_AUDIT_PRIV="y"
> make LOG_AUDIT_PRIV="y" install
>
> You will need a recent audit package in order to compile newrole since it uses the
> USER_ROLE_CHANGE message type. It is available in version 1.1.2 and later. There
> is also a dependency on a kernel patch that is not upstream yet that can be found
> here:
>
> https://www.redhat.com/archives/linux-audit/2005-October/msg00059.html
>
> This patch is in the lspp test kernels.

Thanks, merged as of policycoreutils 1.29.15.

Note: Do not build with LOG_AUDIT_PRIV=y unless the kernel includes the
necessary patch (which is not in the Fedora kernel yet, only in the LSPP
kernel). This is disabled by default (LOG_AUDIT_PRIV=n).
--
Stephen Smalley
National Security Agency