On Monday, December 12, 2011 11:35:25 AM Peter Moody wrote:
> On Mon, Dec 12, 2011 at 6:27 AM, Steve Grubb
> <sgrubb(a)redhat.com> wrote:
> > On Sunday, December 11, 2011 02:04:24 PM Peter Moody wrote:
> > > Not sure if this is the right way to go about this, but I've got a
> > > couple of patches I'd like to be considered for inclusion.
> >
> > I think we really want all permutations covered so we don't revisit this
> > every month or two.
>
> Ok. Do you want me to include subj_user/obj_user, subj_role/obj_role,
> subj_type/obj_type as well

No, the MAC subsystems should be able to log that themselves.

> or just the uid/fsuid, gid/fsgid, uid/suid, gid/sgid?

Closer. All permutations of uid and gid being able to compare against either
object or process credentials. Like auid!=ouid or auid!=uid.
Thanks,
-Steve