On 25Aug2017 1058, Christian Heimes wrote:
Here is a simplified and partial example for a simple Python
'myservice'. When the service is started by the init system, the process
is automatically transitions into the myservice_exec_t domain.
[SNIP]
I feel like the piece I'm missing is what needs to be added to the
CPython source to make this all work. (As with auditd - when Nick
pointed it out to me I wasn't comfortable until I found a sample using
audit_open().)
We can talk about SELinux during the sprint. If you like either Nick,
Victor, or I could contact some engineers from SELinux (Dan) and Linux
auditing team (Paul, RGB) here at Red Hat.
I'm very keen for as many platform-specific proofs of concept as
possible. The more people who are thinking "if I had this information
available, what would I do with it?" the better.
Cheers,
Steve
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
