On Fri, 2006-05-26 at 13:05 -0400, Stephen Smalley wrote:
> On Thu, 2006-05-25 at 17:01 -0400, James Antill wrote:
> > The attached patch implements the full relabel audit event (Ie. an
> > audit event occurs when a full relabel occurs, ie. when /.autorelabel
> > exists at boot).
> > Note that although the code is correct, this patch doesn't actually
> > work due to kernel bugs[1].
> >
> > It'll be in Fedora development as part of policycoreutils-1.30.10-3
> > onwards.
> >
> > [1] see the thread on linux-audit if you want the details.
>
> Hmmm...what is it that you actually want to do here? If you only care
> about auditing autorelabel events, then I'd suggest generating the audit
> message from the autorelabel portion of rc.sysinit (via a helper, I
> suppose), not from setfiles itself.

This is all that we care about, but the solution of creating a helper to just be called before setfiles was considered suboptimal against just putting the code inside setfiles (I know Steve is very much against anything which acts like logger for the audit subsystem).

> Not sure which thread you are referring to; I don't see prior discussion
> of a relabel audit event in the linux-audit archives.

The thread is for the kernel problem that makes the above patch not actually work, see the thread "Re: audit 1.2.2 released".

--
James Antill <[EMAIL PROTECTED]>
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
