Re: [RFC]integrity: SELinux patch

From: James Morris <jmorris_at_nospam>
Date: Tue Jul 17 2007 - 14:54:37 GMT
To: Mimi Zohar <zohar@linux.vnet.ibm.com>

On Tue, 17 Jul 2007, Mimi Zohar wrote:

> No, it isn't being audited, but should be. The question is what type of audit
> message would be appropriate here. It could be the normal denied/granted
> message, but that would be confusing as this isn't based on a permission or
> capability check, but an integrity error. Any suggestions how to handle this
> here and in the other places?

If integrity is being enforced, then the final AVC denial should include information that it was because of an integrity failure.

I'm not sure that it's useful to have non-enforced integrity, aside from debugging/development use.

For general use, it should either be enabled or disabled.

James -- James Morris <jmorris@namei.org>

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

This message: [ Message body ]
Next message: Stephen Smalley: "Re: [RFC]integrity: SELinux patch"
Previous message: James Morris: "Re: [RFC]integrity: SELinux patch"
In reply to: Mimi Zohar: "Re: [RFC]integrity: SELinux patch"
Next in thread: Steve G: "Re: [RFC]integrity: SELinux patch"
Reply: Steve G: "Re: [RFC]integrity: SELinux patch"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]