On Fri, 28 Sep 2007 10:28:07 -0300, Klaus Heinrich Kiwi wrote:
TODO list:
==========
- SELinux policy (currently, the plugin runs under the audit daemon
domain, which denies some network operations, for example)
Steve,
you mentioned in an IRC chat that dwalsh has made a nice GUI tool for
building new policy - can you point it out?
Dan mentioned we would need a policy module that gets loaded by a post-
install script upon the plugin installation. The policy module would
define 'racf_t' and 'racf_exec_t' types, and the 'racf_exec_t'-labeled
plugin would then transition to its own 'racf_t' domain upon execution.
Transition would be allowed by the 'racf_domtrans(auditd_t)' interface.
As for 'racf_t' permissions, I need LDAP and DNS access. Reading the AVC
messages I saw I may need:
tcp_socket {read write shutdown name_connect connect setop create}
udp_socket {read write getattr connect create}
netlink_route_socket { nlmsg_read, read }
Does anyone know if this set of permissions is implemented by a more
generic policy interface? Dan?
Thanks!
Klaus K
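As an added illustration (not part of the thread and not the plugin's own
policy), below is what a refpolicy-style module along the lines Dan
described could look like: it declares racf_t/racf_exec_t, provides the
racf_domtrans() interface for auditd_t, and replaces the raw tcp/udp/netlink
permissions from the AVC messages with the generic corenetwork and sysnet
interfaces. The plugin path /usr/sbin/audisp-racf is hypothetical, the
fd/fifo rules for the audispd pipe are an assumption about how the plugin
receives events, and the interface names are those of recent refpolicy
(older trees spell the if/node ones *_all_if and *_all_nodes), so check
them against the installed /usr/share/selinux/devel/include tree.

```selinux
# ---- racf.te ----
# Hypothetical policy module for the RACF audit dispatcher plugin.
# Illustrative only; interface names must be verified against the
# refpolicy version actually installed.
policy_module(racf, 0.1)

########################################
# Declarations

type racf_t;
type racf_exec_t;
domain_type(racf_t)
domain_entry_file(racf_t, racf_exec_t)

########################################
# Local policy

# Socket-level permissions the AVC messages asked for, expressed through
# refpolicy permission sets instead of hand-listed permissions.
allow racf_t self:tcp_socket create_stream_socket_perms;
allow racf_t self:udp_socket create_socket_perms;
allow racf_t self:netlink_route_socket r_netlink_socket_perms;

# LDAP client access. The corenet_* interfaces also grant the interface,
# node and port checks that only show up once the socket denials are gone.
corenet_all_recvfrom_unlabeled(racf_t)
corenet_tcp_sendrecv_generic_if(racf_t)
corenet_udp_sendrecv_generic_if(racf_t)
corenet_tcp_sendrecv_generic_node(racf_t)
corenet_udp_sendrecv_generic_node(racf_t)
corenet_tcp_sendrecv_ldap_port(racf_t)
corenet_tcp_connect_ldap_port(racf_t)

# DNS: one interface covers the udp_socket create/connect/read/write,
# the netlink_route_socket nlmsg_read the resolver uses to enumerate
# interfaces, and read access to /etc/resolv.conf.
sysnet_dns_name_resolve(racf_t)

# ASSUMPTION: the plugin is spawned by audispd (auditd_t in 2007-era
# policy) and reads events from an inherited pipe, so it needs to use
# auditd's file descriptors and read the fifo.
gen_require(`
	type auditd_t;
')
allow racf_t auditd_t:fd use;
allow racf_t auditd_t:fifo_file { read getattr };

# Let the audit daemon domain enter racf_t when it execs the plugin.
racf_domtrans(auditd_t)

# ---- racf.if ----
## <summary>RACF audit dispatcher plugin.</summary>

########################################
## <summary>
##	Execute the RACF plugin with a domain transition to racf_t.
## </summary>
## <param name="domain">
##	<summary>Domain allowed to transition.</summary>
## </param>
#
interface(`racf_domtrans',`
	gen_require(`
		type racf_t, racf_exec_t;
	')

	# domtrans_pattern() grants the execute, entrypoint and
	# transition rules and adds the type_transition itself.
	domtrans_pattern($1, racf_exec_t, racf_t)
')

# ---- racf.fc ----
# Hypothetical install path for the plugin binary.
/usr/sbin/audisp-racf	--	gen_context(system_u:object_r:racf_exec_t,s0)
```

A post-install script would build and load it with
`make -f /usr/share/selinux/devel/Makefile racf.pp && semodule -i racf.pp`,
then `restorecon -v /usr/sbin/audisp-racf` so the binary actually carries
racf_exec_t; without the relabel no transition happens and the plugin keeps
running as auditd_t. Any AVC denials that remain after that can be fed to
`audit2allow -R`, which reports the refpolicy interface that covers them
rather than a raw allow rule.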