From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 18 Mar 2010 16:09:28 -0400
Subject: [refpolicy] system_logging.patch
In-Reply-To: <1268851211.13301.87.camel@gorn.columbia.tresys.com>
References: <4B8453BC.1080601@redhat.com>
	<1268851211.13301.87.camel@gorn.columbia.tresys.com>
Message-ID: <4BA28878.7010703@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/17/2010 02:40 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:16 -0500, Daniel J Walsh wrote:
>    
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_logging.patch
>>
>> New log context
>>
>> Allow setting audit tty
>>
>> Fixing interfaces
>>      
> Why are the sockets being set to system high?  Same thing for the pid
> file?  They don't have sensitive data.
>
>    
All audit data is SystemHigh.  /var/log/messages also.
> The logging_manage_all_logs() change is excessive, as "manage" doesn't
> include relabeling.
>
> Why does auditd need to use nsswitch?
>
>    
It calls getpw if there is a group set for the logfile.

> Otherwise merged.
>
>