Re: Q on audit, audit-syscall

From: Stephen Smalley
Date: Thu Apr 06 2006 - 08:57:34 EST


On Wed, 2006-04-05 at 23:47 +0200, Herbert Rosmanith wrote:
> > happened, this is what you want. If you want to apply a security restriction,
> > you want to look at SELinux or perhaps a custom LSM. If you have some
> ^^^^^^^^^^^^
>
> the idea already crossed my mind. but I rather start bottom up: LSM depends
> on CONFIG_AUDIT* (this is correct, isn't it?), so I examine AUDIT first. if
> AUDIT doesn't support what I need, I continue with LSM.

SELinux has a dependency on CONFIG_AUDIT these days because it uses the
audit system to log permission denials (originally just used printk, but
switched to the audit system when it was mainstreamed), but SELinux
doesn't depend on CONFIG_AUDIT for the actual access control checking
and enforcement. SELinux just feeds data to the audit system for such
logging; it doesn't take any inputs from the audit system.

--
Stephen Smalley
National Security Agency
