From: konrad.azzopardi@gmail.com (Konrad Azzopardi) Date: Tue, 2 Dec 2008 23:53:47 +0100 Subject: [refpolicy] bin_t Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Dear all, If I am now confining SAMHAIN integrity checker with all features switched on. The daemon, is spawning a "ps" , and Checking for hidden/fake/missing processes. The module works by searching the complete range of possible PIDs for processes, and comparing the list of processes thus found against the output of ps. Of course if i do not make a domain transition to bin_t everything failing but is it bin_t too wide ? What would be the best way to go around this, since ps is bin_t just like all the other binaries ? Sorry I am still relatively new so this may be trivial but I guess bin_t is allowed to do a lot of things. Many thanks Konrad