2009-11-12 22:13:00

by Daniel Walsh

Subject: [refpolicy] system_logging.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch


Latest audit system handling.


2009-11-24 14:32:58

by cpebenito

Subject: [refpolicy] system_logging.patch

On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
> Latest audit system handling.


> -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
> -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
> -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
> -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
> +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
> +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)

Why do sockets need to be system high?

> +optional_policy(`
> + dbus_system_bus_client(audisp_t)
> +
> + optional_policy(`
> + setroubleshoot_dbus_chat(audisp_t)
> + ')
> +')
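Review bot: `dbus_system_bus_client(audisp_t)` and `setroubleshoot_dbus_chat(audisp_t)` are granted to the dispatcher domain itself, so every process running as `audisp_t` gains system bus access and can talk to setroubleshoot, and the block carries no comment naming which component needs it. If the D-Bus traffic comes from a helper that the dispatcher starts, the rules belong on a dedicated domain for that helper rather than on `audisp_t`. At minimum, add a comment inside the outer `optional_policy` identifying the consumer.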

Is audisp actually doing this, or is it a script it runs that is doing
this? If it's the latter, it needs its own policy.


--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-11-24 15:56:33

by Daniel Walsh

Subject: [refpolicy] system_logging.patch

On 11/24/2009 09:32 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
>> Latest audit system handling.
>
>
>> -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>> -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
>> -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
>> -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>> +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
>> +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
>> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
>> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>
> Why do sockets need to be system high?
>
>> +optional_policy(`
>> + dbus_system_bus_client(audisp_t)
>> +
>> + optional_policy(`
>> + setroubleshoot_dbus_chat(audisp_t)
>> + ')
>> +')
>
> Is audisp actually doing this, or is it a script it runs that is doing
> this? If it's the latter, it needs its own policy.
>
>
It is sedisp, so I guess it could have its own policy.

2009-11-24 15:57:48

by Daniel Walsh

Subject: [refpolicy] system_logging.patch

On 11/24/2009 10:56 AM, Daniel J Walsh wrote:
> On 11/24/2009 09:32 AM, Christopher J. PeBenito wrote:
>> On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
>>> Latest audit system handling.
>>
>>
>>> -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
>>> -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
>>> +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
>>> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
>>> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>>> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>>
>> Why do sockets need to be system high?
>>
So processes that listen on these sockets have to be system_high. They are providing system_high information.
>>> +optional_policy(`
>>> + dbus_system_bus_client(audisp_t)
>>> +
>>> + optional_policy(`
>>> + setroubleshoot_dbus_chat(audisp_t)
>>> + ')
>>> +')
>>
>> Is audisp actually doing this, or is it a script it runs that is doing
>> this? If it's the latter, it needs its own policy.
>>
>>
> It is sedisp, so I guess it could have its own policy.