Re: auditctl se_sen & se_clr
On Fri, 2006-05-19 at 12:44 -0500, Michael C Thompson wrote:
James Antill wrote:
> On Fri, 2006-05-19 at 10:30 -0500, Michael C Thompson wrote:
>
>> Thanks, that's what I thought as well. Here is my result of testing this:
>>
>> root linux user, id:
>> context=root:staff_r:staff_t:SystemLow-SystemHigh
>>
>> mcthomps linux user, id:
>> context=user_u:user_r:user_t:SystemLow
>>
>> When I have the following audit rule is
>> auditctl -a entry,always -S chmod -F se_clr=s0
>> the chmod actions taken by mcthomps get logged, but not those done by
>> root (this is as expected).
>
> This means that a "range" of s0 is being interpreted as:
>
> se_sen=''
> se_clr='s0'
>
> ...which isn't what I'd expect, but given that...
I'm sorry, I do not follow what you mean here.
The mls range for root is s0-s0:c0.c255, where:
se_sen = s0
se_clr = s0:c0.c255
The mls range for mcthomps is s0, given the above works then:
se_clr = s0
...and given the range is s0 and not s0-s0 then se_sen must be blank
(and so won't match s0).
--
James Antill
<james.antill(a)redhat.com>
Attachments:
- signature.asc (application/pgp-signature — 191 bytes)