On Thu, 2006-02-02 at 17:18 -0500, Steve Grubb wrote:
> I think we are covered. I mentioned to Dustin that those fields need to be
> handled as integers for comparison. We should be able to specify a range for
> matching like:
>
> -F "se_sensitivity>=2" -F "se_sensitivity<=9"

This requires that SELinux perform the filter interpretation, as the
context structures and dominance relation are purely internal to it, and
the audit system should not be directly tied to them.

> Is there a convention for context parsing? If not, we should probably decide
> what it will be or at least how to identify the end of what we know so that
> if they get out of sync in the future, it would do the wrong thing.

The "convention" is that only the SELinux module and the core SELinux
libraries parse them. Everything else has to use an API provided by the
SELinux module (for in-kernel users) or the core SELinux libraries (for
userland).
--
Stephen Smalley
National Security Agency