* [refpolicy] system_logging.patch
@ 2010-02-23 22:16 Daniel J Walsh
2010-03-17 18:40 ` Christopher J. PeBenito
0 siblings, 1 reply; 11+ messages in thread
From: Daniel J Walsh @ 2010-02-23 22:16 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_logging.patch
New log context
Allow setting audit tty
Fixing interfaces
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
2010-02-23 22:16 [refpolicy] system_logging.patch Daniel J Walsh
@ 2010-03-17 18:40 ` Christopher J. PeBenito
2010-03-18 20:09 ` Daniel J Walsh
0 siblings, 1 reply; 11+ messages in thread
From: Christopher J. PeBenito @ 2010-03-17 18:40 UTC (permalink / raw)
To: refpolicy
On Tue, 2010-02-23 at 17:16 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_logging.patch
>
> New log context
>
> Allow setting audit tty
>
> Fixing interfaces
Why are the sockets being set to system high? Same thing for the pid
file? They don't have sensitive data.
The logging_manage_all_logs() change is excessive, as "manage" doesn't
include relabeling.
Why does auditd need to use nsswitch?
Otherwise merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
2010-03-17 18:40 ` Christopher J. PeBenito
@ 2010-03-18 20:09 ` Daniel J Walsh
0 siblings, 0 replies; 11+ messages in thread
From: Daniel J Walsh @ 2010-03-18 20:09 UTC (permalink / raw)
To: refpolicy
On 03/17/2010 02:40 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:16 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_logging.patch
>>
>> New log context
>>
>> Allow setting audit tty
>>
>> Fixing interfaces
>>
> Why are the sockets being set to system high? Same thing for the pid
> file? They don't have sensitive data.
>
>
All audit data is SystemHigh. /var/log/messages also.
> The logging_manage_all_logs() change is excessive, as "manage" doesn't
> include relabeling.
>
> Why does auditd need to use nsswitch?
>
>
It calls getpw if there is a group set for the logfile.
> Otherwise merged.
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
@ 2010-08-26 23:39 Daniel J Walsh
0 siblings, 0 replies; 11+ messages in thread
From: Daniel J Walsh @ 2010-08-26 23:39 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/system_logging.patch
Lots of logs stored in random dirs.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
2009-11-24 15:56 ` Daniel J Walsh
@ 2009-11-24 15:57 ` Daniel J Walsh
0 siblings, 0 replies; 11+ messages in thread
From: Daniel J Walsh @ 2009-11-24 15:57 UTC (permalink / raw)
To: refpolicy
On 11/24/2009 10:56 AM, Daniel J Walsh wrote:
> On 11/24/2009 09:32 AM, Christopher J. PeBenito wrote:
>> On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
>>> Latest audit system handling.
>>
>>
>>> -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
>>> -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
>>> +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
>>> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
>>> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>>> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>>
>> Why do sockets need to be system high?
>>
So processes that listen on these sockets have to be system_high. They are providing system_high information.
>>> +optional_policy(`
>>> + dbus_system_bus_client(audisp_t)
>>> +
>>> + optional_policy(`
>>> + setroubleshoot_dbus_chat(audisp_t)
>>> + ')
>>> +')
>>
>> Is audisp actually doing this, or is it a script it runs that is doing
>> this? If it's the latter, it needs its own policy.
>>
>>
> It is sedisp, so I guess it could have its own policy.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
2009-11-24 14:32 ` Christopher J. PeBenito
@ 2009-11-24 15:56 ` Daniel J Walsh
2009-11-24 15:57 ` Daniel J Walsh
0 siblings, 1 reply; 11+ messages in thread
From: Daniel J Walsh @ 2009-11-24 15:56 UTC (permalink / raw)
To: refpolicy
On 11/24/2009 09:32 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
>> Latest audit system handling.
>
>
>> -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>> -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
>> -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
>> -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>> +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
>> +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
>> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
>> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>
> Why do sockets need to be system high?
>
>> +optional_policy(`
>> + dbus_system_bus_client(audisp_t)
>> +
>> + optional_policy(`
>> + setroubleshoot_dbus_chat(audisp_t)
>> + ')
>> +')
>
> Is audisp actually doing this, or is it a script it runs that is doing
> this? If it's the latter, it needs its own policy.
>
>
It is sedisp, so I guess it could have its own policy.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
2009-11-12 22:13 Daniel J Walsh
@ 2009-11-24 14:32 ` Christopher J. PeBenito
2009-11-24 15:56 ` Daniel J Walsh
0 siblings, 1 reply; 11+ messages in thread
From: Christopher J. PeBenito @ 2009-11-24 14:32 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
> Latest audit system handling.
> -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
> -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
> -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
> -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
> +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
> +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
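Review bot: the /var/run/auditd\.pid entry (type --, a regular file) is raised to mls_systemhigh together with the three -s socket entries, yet the patch description ("Latest audit system handling.") gives no reason for any of the four, and the /var/run/log socket and the klogd, metalog and syslogd pid files in the context lines stay at s0. Suggest either splitting the pid-file change from the socket changes, or adding a comment above these four entries stating why the audit run-time files carry system-high data, so the difference in range from the neighbouring logging entries is documented in the file itself.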
Why do sockets need to be system high?
> +optional_policy(`
> + dbus_system_bus_client(audisp_t)
> +
> + optional_policy(`
> + setroubleshoot_dbus_chat(audisp_t)
> + ')
> +')
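Review bot: both calls in this block, dbus_system_bus_client(audisp_t) and setroubleshoot_dbus_chat(audisp_t), grant the D-Bus access to the audisp_t domain itself, and nothing in the hunk says which program running in that domain needs it. Suggest adding a comment above the outer optional_policy naming the component that talks to setroubleshoot; if that component is a separate program started by audisp rather than audisp itself, the two calls belong in a domain of its own so that audisp_t does not gain system bus access it does not use.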
Is audisp actually doing this, or is it a script it runs that is doing
this? If it's the latter, it needs its own policy.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
@ 2009-11-12 22:13 Daniel J Walsh
2009-11-24 14:32 ` Christopher J. PeBenito
0 siblings, 1 reply; 11+ messages in thread
From: Daniel J Walsh @ 2009-11-12 22:13 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
Latest audit system handling.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
@ 2009-03-24 14:06 Daniel J Walsh
0 siblings, 0 replies; 11+ messages in thread
From: Daniel J Walsh @ 2009-03-24 14:06 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_logging.patch
New audit file context
log files under /var/spool
auditd calls getpw
audisp_t needs dac_override
audisp_t signals itself and its plugins
audisp_t will execute binaries and shell scripts
Sends dbus messages to all levels, audit runs at system_high so we need
to send dbus messages to daemons running at different levels.
audisp_t calls getpw
audisp uses dbus
audisp_remote binds to audit port to listen for incoming connections
uses getpw
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
2008-09-24 19:33 Daniel J Walsh
@ 2008-10-09 18:09 ` Christopher J. PeBenito
0 siblings, 0 replies; 11+ messages in thread
From: Christopher J. PeBenito @ 2008-10-09 18:09 UTC (permalink / raw)
To: refpolicy
On Wed, 2008-09-24 at 15:33 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/system_logging.patch
>
> Add definition for initrc scripts
>
> Allow admin to start and stop init script
>
> auditd now connects/binds on a tcp socket to port 60
>
> Needs to read inodefs
>
> audisp_t resolves hostnames
>
> audisp_remote connects to the audit port.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] system_logging.patch
@ 2008-09-24 19:33 Daniel J Walsh
2008-10-09 18:09 ` Christopher J. PeBenito
0 siblings, 1 reply; 11+ messages in thread
From: Daniel J Walsh @ 2008-09-24 19:33 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F10/system_logging.patch
Add definition for initrc scripts
Allow admin to start and stop init script
auditd now connects/binds on a tcp socket to port 60
Needs to read inodefs
audisp_t resolves hostnames
audisp_remote connects to the audit port.
^ permalink raw reply [flat|nested] 11+ messages in thread