[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux
Subject: Re: audit2allow and mls
From: Stephen Smalley <sds () tycho ! nsa ! gov>
Date: 2007-02-05 15:48:58
Message-ID: 1170690538.12293.281.camel () moss-spartans ! epoch ! ncsc ! mil
[Download RAW message or body]
On Fri, 2007-02-02 at 11:25 -0500, Rosalie Hiebel wrote:
> Is there version of audit2allow which is capable of generating rules specific
> to the mls policy? I see that audit2allow's tests for mls (calling
> get_mls_flag),
> but this is after the rules in the .te file have been generated.
Not presently. Ideally, audit2allow could check whether the denial was
caused by a constraint (as done by audit2why via libsepol) and then try
to determine a type attribute that could be used as an override, and
then call the appropriate refpolicy interface to add that attribute to
the domain.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic