On Tue, 2005-01-04 at 16:22, Steve Grubb wrote:
But wouldn't this mean the admin would have to have policy source
installed?
That's far too messy.
No different than making any other policy change. Of course, it is
possible to directly manipulate binary policies via libsepol, and we
already have some examples of such manipulation, e.g. to set boolean
defaults prior to loading, to rebuild the users database via genpolusers
without policy source, etc. So you could build a tool that allowed
changes to the policy audit rules without full policy sources around,
and the binary policy module work by Tresys would be a more general
solution once it matures.
> What more do you need?
auditctl -selinux no_avc
Running SELinux with no auditing seems a bit unwise, as you then have
nothing to go on other than a mysterious EACCES. But you could
certainly implement a complete audit disable for SELinux either in
SELinux itself or in the kernel audit framework (but for the latter, the
audit_log* interfaces would likely need to take an additional argument
identifying the caller as SELinux vs. some other caller).
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency