Re: [PATCH] audit: file system auditing based on location and name

From: Timothy R. Chavez
Date: Thu Jul 07 2005 - 17:17:27 EST

Next message: domen: "[patch 1/4] drivers/char/ip2/i2lib.c: replace direct assignment with set_current_state()"
Previous message: domen: "[patch 3/4] char/n_tty: fix sparse warnings (__nocast type)"
In reply to: Arjan van de Ven: "Re: [PATCH] audit: file system auditing based on location and name"
Next in thread: serue: "Re: [PATCH] audit: file system auditing based on location and name"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday 07 July 2005 16:31, Arjan van de Ven wrote:
> On Thu, 2005-07-07 at 15:48 -0400, Steve Grubb wrote:
>
> > Tim's code lets you say I want change notification to this file only. The
> > notification follows the audit format with all relavant pieces of information
> > gathered at the time of the event and serialized with all other events.
>
> well can't you sort of do that based on (selinux) security context of
> the file already? after all that's part of the inode already. Isn't that
> finegrained enough?
>

Provided you make it that far, yes, SE Linux _could_ be used to provide
similar functionality. But, what if you bottom out on a DAC decision?

[foo@liltux /]$ cat /etc/shadow
cat: /etc/shadow: Permission denied

-tim
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: domen: "[patch 1/4] drivers/char/ip2/i2lib.c: replace direct assignment with set_current_state()"
Previous message: domen: "[patch 3/4] char/n_tty: fix sparse warnings (__nocast type)"
In reply to: Arjan van de Ven: "Re: [PATCH] audit: file system auditing based on location and name"
Next in thread: serue: "Re: [PATCH] audit: file system auditing based on location and name"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]