
RE: Auditd & Strict Policy 1.19: msg#00179

Subject: RE: Auditd & Strict Policy 1.19
As you correctly mentioned, auditd worked by adding audit and audit_control to
the capability section of flask/access_vectors.

Noticed that audit.log shows "avc:  denied" kernel events that are not reported
in messages. Are these suppressed by the dontaudit rules in the policy?

Thank you for your help.

-----Original Message-----
From: fedora-selinux-list-bounces@xxxxxxxxxx
[mailto:fedora-selinux-list-bounces@xxxxxxxxxx] On Behalf Of Stephen Smalley
Sent: Friday, May 20, 2005 5:17 PM
To: George J. Jahchan
Cc: Fedora SE Linux List
Subject: Re: Auditd & Strict Policy 1.19


On Fri, 2005-05-20 at 18:24 +0300, George J. Jahchan wrote:
> Followed your instructions, adding 'audit write & audit_control' at the end of
> the capability section in the policy/flask/access_vectors elicits the following
> error message when making the policy:

That's audit_write and audit_control - two permissions, not three.

> ... too many permissions to fit in an access vector.

Off-by-one bug in checkpolicy, fixed after FC3, but shouldn't matter as
you only need two permissions here.

> Bearing in mind that the machines are live production hosts, how do you
> recommend we address this (from the available choices below)?
>
> 1) For a limited period of time (until FC4 is released), we can live with having
> to switch to permissive mode in order to start the audit daemon, and revert back
> to enforcing mode after it starts. The hosts are not taken down that often.
>
> 2) We can upgrade to FC4 strict policy, with no assurance that it will work or
> not cause other problems.
>
> 3) We can upgrade to pre-release FC4, again with no assurance that it will work
> or will not introduce new weaknesses.

I've sent (via separate email) a copy of our current
policy/flask/security_classes, policy/flask/access_vectors,
policy/domains/program/auditd.te, and
policy/file_contexts/program/auditd.fc, so you can at least try those to
see if they resolve your issue for auditd (and they shouldn't impact
anything else).  If that resolves your problem, then feel free to stay
with FC3 until FC4 is out (schedule says June 6).

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
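
Added example, not part of the original messages or of the policy sources: a small Python check that the `capability` class in a `policy/flask/access_vectors` file lists `audit_write` and `audit_control` as two separate names and stays within the 32 bits of an SELinux access vector. The function names and the abbreviated sample text are constructed for illustration.

```python
import re

AV_BITS = 32  # an SELinux access vector is a 32-bit mask, one bit per permission
REQUIRED = ("audit_write", "audit_control")  # the two permissions named in the thread

# Constructed, abbreviated capability block; a real file lists every capability.
SAMPLE_OK = """
class capability
{
	chown
	sys_admin	# comments are ignored
	lease
	audit_write
	audit_control
}
"""
# The same block with the name split in two, as in 'audit write & audit_control'.
SAMPLE_TYPO = SAMPLE_OK.replace("audit_write", "audit write")


def class_permissions(text, cls):
    """Return the permission names declared directly in one class block."""
    text = re.sub(r"#.*", "", text)  # strip comments to end of line
    m = re.search(r"\bclass\s+%s\b[^{]*\{([^}]*)\}" % re.escape(cls), text)
    if m is None:
        raise ValueError("class %r has no permission block" % cls)
    return m.group(1).split()  # names are whitespace-separated


def check_capability(text):
    """Summarise the capability class: size, fit, and audit permissions."""
    perms = class_permissions(text, "capability")
    return {
        "count": len(perms),
        "fits": len(perms) <= AV_BITS,
        "missing": [p for p in REQUIRED if p not in perms],
        "duplicates": sorted({p for p in perms if perms.count(p) > 1}),
    }


if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("typo", SAMPLE_TYPO)):
        print(label, check_capability(text))
```
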


