From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 19 Mar 2010 08:14:57 -0400
Subject: [refpolicy] Fwd: Re: system_logging.patch
In-Reply-To: <201003181615.22542.sgrubb@redhat.com>
References: <4BA25F04.7030105@redhat.com>
	<201003181615.22542.sgrubb@redhat.com>
Message-ID: <1269000897.5623.83.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2010-03-18 at 16:15 -0400, Steve Grubb wrote:
> On Thursday 18 March 2010 01:12:36 pm Daniel J Walsh wrote:
> > >  New log context
> > >  Allow setting audit tty
> > >  Fixing interfaces
> > 
> > Why are the sockets being set to system high?  Same thing for the pid
> > file?  They don't have sensitive data.
> 
> /var/run/audispd_events and the pid file is the only thing I recognize as being 
> from the audit system. The audit system and everything related to it must be 
> at system high.

Again, why?  The socket and pid file do not have sensitive data.  The
daemon and the log files have the sensitive data.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150