On Friday 03 February 2006 09:46, Stephen Smalley wrote:
Ok, so this means that SELinux needs to provide an API for such
comparisons, and likely for precomputing the internal context structure
for a given MLS range provided in an audit rule so that we don't have to
re-do that on each filter evaluation.
What if the filter rule was:
auditctl -a exit,always -S open -F "se_sensitivity>=confidential"
And that is all you have to work with? Are we still OK?
-Steve