Re: [PATCH 1/2] SELinux Context Label based audit filtering
On Fri, 2006-02-03 at 09:46 -0500, Stephen Smalley wrote:
On Fri, 2006-02-03 at 09:27 -0500, Steve Grubb wrote:
> On Friday 03 February 2006 09:17, Stephen Smalley wrote:
> > > -F "se_sensitivity>=2" -F "se_sensitivity<=9"
> >
> > This requires that SELinux perform the filter interpretation, as the
> > context structures and dominance relation are purely internal to it, and
> > the audit system should not be directly tied to them.
>
> The plan was to call SE linux libraries to interpret custom text (public) to
> sensitivity and send the raw sensitivity (s0).
Right, libsetrans. But that still leaves you with a string that has no
inherent meaning or ordering.
This is begging for placement in a configuration file that allows custom
defined aliases:
"s0" = "non_confidential"
"s1" = "secret"
"s2" = "mostly_secret"
"s3" = "more_secret_than_that"
"s4" = "top_secret"
"s5" = "cheating_on_a_spouse_secret"
Let those be set in either an SELinux config file, or in an Audit config
file. Let audit userspace interpret these human readable aliases to
SELinux's representation.
:-Dustin
Attachments:
- signature.asc (application/pgp-signature — 189 bytes)