[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux
Subject: Re: audit2allow and mls
From: Rosalie Hiebel <rosalie.hiebel () L-3Com ! com>
Date: 2007-02-05 19:44:11
Message-ID: p06002042c1ed38b34ce4 () [192 ! 168 ! 50 ! 32]
[Download RAW message or body]
>On Fri, 2007-02-02 at 11:25 -0500, Rosalie Hiebel wrote:
>> Is there version of audit2allow which is capable of generating
>>rules specific
>> to the mls policy? I see that audit2allow's tests for mls (calling
>> get_mls_flag),
>> but this is after the rules in the .te file have been generated.
>
>Not presently. Ideally, audit2allow could check whether the denial was
>caused by a constraint (as done by audit2why via libsepol) and then try
>to determine a type attribute that could be used as an override, and
>then call the appropriate refpolicy interface to add that attribute to
>the domain.
Do you mean that audit2why does check the constrain rules in mls policy ?
>--
>Stephen Smalley
>National Security Agency
>
>
>--
>This message was distributed to subscribers of the selinux mailing list.
>If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic