On Sat, 29 Jan 2011, Simon Brandmair <[email protected]> wrote: > I just started looking into SELinux. I am wondering if there is a way to > have wildcards in avc rules like: > auditallow source_t target_t : * * ; > which audits all access from source_t to target_t. > > Or do I have to add all classes objects to the rule like: > auditallow source_t target_t : {appletalk_socket, association, > blk_file ... } * ;
No, there isn't such a wildcard at this time (AFAIK). It might be worth adding one so I've moved this discussion to the SE Linux upstream mailing list (please don't CC debian-security on future replies). -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
