2008-10-08 19:49:25

by cpebenito

Subject: [refpolicy] flask_access_vectors.patch

On Mon, 2008-10-06 at 17:10 -0400, Steve Grubb wrote:
> On Monday 06 October 2008 03:52:11 pm Daniel J Walsh wrote:
> > Christopher J. PeBenito wrote:
> > > On Wed, 2008-09-24 at 16:53 -0400, Daniel J Walsh wrote:
> > >> http://people.fedoraproject.org/~dwalsh/SELinux/F10/flask_access_vectors.patch
> > >>
> > >> Add nlmsg_tty_audit for netlink_audit_socket.
> > >
> > > Is there a reference for this? I don't remember seeing anything on the
> > > main SELinux list.
> >
> > This comes from the new auditing keystroke patch to the kernel. Not sure
> > if this was talked about on selinux or just audit list.
> >
> > Added sgrubb since I am not sure he is on the refpolicy list.
>
> No I am not on that list. I sent a patch
>
> http://article.gmane.org/gmane.comp.security.selinux/6759
>
> a long time ago allowing better control of TTY audit because the alternative
> is to allow setting audit rules on processes that we only need to send tty
> info. So, this should reduce the capabilities required for some processes and
> keep the audit system better protected.
>
> This is a more detailed description of what the audit side is:
>
> https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html
>
> Everything is in place to use this except SE Linux policy.

So the permission is in Linus' tree? or James'?

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150