On Fri, 2006-05-19 at 12:44 -0500, Michael C Thompson wrote: > James Antill wrote: > > On Fri, 2006-05-19 at 10:30 -0500, Michael C Thompson wrote: > > > >> Thanks, that's what I thought as well. Here is my result of testing this: > >> > >> root linux user, id: > >> context=root:staff_r:staff_t:SystemLow-SystemHigh > >> > >> mcthomps linux user, id: > >> context=user_u:user_r:user_t:SystemLow > >> > >> When I have the following audit rule is > >> auditctl -a entry,always -S chmod -F se_clr=s0 > >> the chmod actions taken by mcthomps get logged, but not those done by > >> root (this is as expected). > > > > This means that a "range" of s0 is being interpreted as: > > > > se_sen='' > > se_clr='s0' > > > > ...which isn't what I'd expect, but given that... > > I'm sorry, I do not follow what you mean here.
The mls range for root is s0-s0:c0.c255, where: se_sen = s0 se_clr = s0:c0.c255 The mls range for mcthomps is s0, given the above works then: se_clr = s0 ...and given the range is s0 and not s0-s0 then se_sen must be blank (and so won't match s0). -- James Antill <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
