Re: [RFC] TOMOYO Linux

From: Rik van Riel
Date: Wed Jun 13 2007 - 17:42:39 EST


Toshiharu Harada wrote:
2007/6/14, Rik van Riel <riel@xxxxxxxxxx>:
> So I think pathname based call chains are advantages for
> at least auditing and profiling.

SELinux audit logs (well, whatever is in /var/log/audit on
my system) does show the path names of objects that fail to
be accessed as well as the name and context of the processes
trying to access them.

This is with standard Fedora and RHEL installations.

Thank you for your comment.

SELinux has a well designed robust and flexible functions.
So it should be used for everywhere. I understand it.
As you mentioned one can analyze the system (process)
behaviors from AVC logs. But the maintenance cost is not trivial.

If logging with process context is the only purpose,
current TOMOYO Linux can do it with no hustle at all.

Yes, but so does standard SELinux.

You are making me curious: what does TOMOYO do that is
not done by regular SELinux?

Logging with process name, path name and contexts is
already done. I must have missed some other TOMOYO
feature in your initial email...

--
All Rights Reversed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/