From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 19 Mar 2010 08:22:38 -0400
Subject: [refpolicy] Fwd: Re: system_logging.patch
In-Reply-To: <1269000897.5623.83.camel@gorn.columbia.tresys.com>
References: <4BA25F04.7030105@redhat.com>	
	<201003181615.22542.sgrubb@redhat.com>
	<1269000897.5623.83.camel@gorn.columbia.tresys.com>
Message-ID: <4BA36C8E.3050801@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/19/2010 08:14 AM, Christopher J. PeBenito wrote:
> On Thu, 2010-03-18 at 16:15 -0400, Steve Grubb wrote:
>    
>> On Thursday 18 March 2010 01:12:36 pm Daniel J Walsh wrote:
>>      
>>>>   New log context
>>>>   Allow setting audit tty
>>>>   Fixing interfaces
>>>>          
>>> Why are the sockets being set to system high?  Same thing for the pid
>>> file?  They don't have sensitive data.
>>>        
>> /var/run/audispd_events and the pid file is the only thing I recognize as being
>> from the audit system. The audit system and everything related to it must be
>> at system high.
>>      
> Again, why?  The socket and pid file do not have sensitive data.  The
> daemon and the log files have the sensitive data.
>
>    
So your saying the ability to connect to the socket is going to be 
blocked on the connecto based on the level of the process on the other 
end of the socket.

setroubleshoot_t:SystemLow is not going to be able to connectto 
auditd_t:SystemHigh no matter what the socket and pid file are labeled.