SELinux Mailing List
Re: RHEL5 Kernel with labeled networking
From: Linda Knippers <linda.knippers_at_hp.com>
Date: Tue, 03 Oct 2006 16:40:23 -0400

>>Joy Latten wrote:
>>
>>>>Before network labeling is completed we still need some work
>>>>implementing how we plan to audit configuration changes in ipsec
>>>>labeling decisions. I believe we agreed today that this auditing must
>>>>be done in kernelspace since we do not have fine grained enough controls
>>>>on netlink messages to allow for all of the auditing in userspace.
>>>>
>>>
>>>I've talked to Klaus about what needs to be audited for ipsec and
>>>lspp compliance. I will begin work on a patch and get this out
>>>to the list as soon as I can. We will audit every time a policy is
>>>added/removed to/from the ipsec policy database.
>>>
>>
>>why not just auditallow all association setcontext?
>
> Dang! Why didn't I think of that! :-)
> Such a good idea. I will do a quick test and
> show Klaus and see if it all looks ok to him.
> Thanks!!!

If we go the auditallow route then we lose some audit record
management features, like the ability to enable/disable/search
for these records, don't we? Do we care?

Received on Tue 3 Oct 2006 - 16:40:36 EDT
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009