Re: [RFC] TOMOYO Linux

[Rik van Riel]

Toshiharu Harada wrote:
> 2007/6/14, Rik van Riel <riel@xxxxxxxxxx>:
> > > So I think pathname based call chains are advantages for
> > > at least auditing and profiling.
> >
> > SELinux audit logs (well, whatever is in /var/log/audit on
> > my system) does show the path names of objects that fail to
> > be accessed as well as the name and context of the processes
> > trying to access them.
> >
> > This is with standard Fedora and RHEL installations.
>
> Thank you for your comment.
>
> SELinux has a well designed robust and flexible functions.
> So it should be used for everywhere.  I understand it.
> As you mentioned one can analyze the system (process)
> behaviors from AVC logs. But the maintenance cost is not trivial.
>
> If logging with process context is the only purpose,
> current TOMOYO Linux can do it with no hustle at all.

Yes, but so does standard SELinux.

You are making me curious: what does TOMOYO do that is
not done by regular SELinux?

Logging with process name, path name and contexts is
already done.  I must have missed some other TOMOYO
feature in your initial email...

--
All Rights Reversed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/