Re: Q on audit, audit-syscall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Wed, 2006-04-05 at 23:47 +0200, Herbert Rosmanith wrote:
> > happened, this is what you want.  If you want to apply a security restriction,
> > you want to look at SELinux or perhaps a custom LSM.  If you have some
>                                          ^^^^^^^^^^^^
> the idea already crossed my mind. but I rather start bottom up: LSM depends
> on CONFIG_AUDIT* (this is correct, isn't it?), so I examine AUDIT first. if
> AUDIT doesnt support what I need, I continue with LSM.

SELinux has a dependency on CONFIG_AUDIT these days because it uses the
audit system to log permission denials (originally just used printk, but
switched to the audit system when it was mainstreamed), but SELinux
doesn't depend on CONFIG_AUDIT for the actual access control checking
and enforcement.  SELinux just feeds data to the audit system for such
logging; it doesn't take any inputs from the audit system.

Stephen Smalley
National Security Agency

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at
Please read the FAQ at

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux