From: Eric Paris <eparis@redhat.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH 7/7] audit: audit feature to set loginuid immutable
Date: Mon, 08 Jul 2013 17:32:31 -0400 [thread overview]
Message-ID: <1373319151.2395.30.camel@dhcp137-13.rdu.redhat.com> (raw)
In-Reply-To: <7631599.bE25jHDhjZ@x2>
On Mon, 2013-07-08 at 17:26 -0400, Steve Grubb wrote:
> On Monday, July 08, 2013 04:51:20 PM Eric Paris wrote:
> > If we don't trust the audit system initialization we already lost and no
> > amount of audit= is going to change that.
>
> I'm thinking more about High Assurance cases where the boot
> partition/environment is removed from an attacker's reach. Consider use cases
> where you want to allow root, but you do not want them to make certain kinds
> of changes to the system by taking away certain capabilities in the initramfs
> which is outside of the control of anyone with root.
If that's the case, you must be loading the audit policy inside the
initramfs, and thus, you can set this inside the initrd. We MUST have
absolute trust until the audit.rules are processed. To get a boot
option, we have to show how this has value before the audit.rules are
loaded. And it doesn't... Not in any system I can imagine. Nor in the
description you gave above... What am I missing?
next prev parent reply other threads:[~2013-07-08 21:32 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-24 16:11 [PATCH 1/7] audit: implement generic feature setting and retrieving Eric Paris
2013-05-24 16:11 ` [PATCH 2/7] selinux: apply selinux checks on new audit message types Eric Paris
2013-05-24 16:11 ` [PATCH 3/7] audit: loginuid functions coding style Eric Paris
2013-05-24 16:11 ` [PATCH 4/7] audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE Eric Paris
2013-05-24 16:11 ` [PATCH 5/7] audit: allow unsetting the loginuid (with priv) Eric Paris
2013-05-24 16:11 ` [PATCH 6/7] audit: audit feature to only allow unsetting the loginuid Eric Paris
2013-05-24 16:11 ` [PATCH 7/7] audit: audit feature to set loginuid immutable Eric Paris
2013-07-08 20:34 ` Steve Grubb
2013-07-08 20:51 ` Eric Paris
2013-07-08 21:26 ` Steve Grubb
2013-07-08 21:32 ` Eric Paris [this message]
2013-07-09 22:24 ` Steve Grubb
2013-07-09 23:51 ` LC Bruzenak
2013-07-10 13:46 ` Steve Grubb
2013-07-10 14:32 ` LC Bruzenak
2013-07-10 18:16 ` Eric Paris
2013-07-10 18:51 ` LC Bruzenak
2013-07-10 19:02 ` LC Bruzenak
2013-07-10 19:09 ` Eric Paris
2013-05-24 16:28 ` [PATCH 1/7] audit: implement generic feature setting and retrieving Eric Paris
2013-05-24 20:41 ` William Roberts
2013-05-24 20:56 ` William Roberts
2013-05-30 17:20 ` Richard Guy Briggs
2013-07-08 20:28 ` Steve Grubb
2013-07-08 21:55 ` Eric Paris
2013-07-09 1:18 ` William Roberts
2013-07-09 18:30 ` Steve Grubb
2013-07-09 20:59 ` Eric Paris
2013-07-09 22:08 ` Steve Grubb
2013-11-02 7:26 ` Richard Guy Briggs
2013-11-02 14:44 ` Eric Paris
2014-08-22 21:58 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1373319151.2395.30.camel@dhcp137-13.rdu.redhat.com \
--to=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.