selinux September 2009 archive

RE: SELinux and SSH Timers ?...

From: Stephen Smalley <sds_at_nospam>
Date: Fri Sep 04 2009 - 14:56:00 GMT
To: Hasan Rezaul-CHR010 <CHR010@motorola.com>


On Fri, 2009-09-04 at 10:45 -0400, Hasan Rezaul-CHR010 wrote:
> My Linux kernel version is 2.6.21.

So if you wanted to have SELinux audit every denial in permissive mode, you'd just apply this patch and rebuild your kernel.

diff --git a/security/selinux/avc.c b/security/selinux/avc.c index da8caf1..b190eb7 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -874,10 +874,6 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, if (!requested || denied) { if (selinux_enforcing) rc = -EACCES; - else - if (node) - avc_update_node(AVC_CALLBACK_GRANT,requested, - ssid,tsid,tclass); } rcu_read_unlock();

--
Stephen Smalley
National Security Agency
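Review bot: The else branch in avc_has_perm_noaudit() is deleted unconditionally, so once this is applied the permissive-mode path never calls avc_update_node(AVC_CALLBACK_GRANT, ...) and nothing in the hunk limits how many audit records a repeatedly denied access can generate. For anything beyond a local debugging kernel, consider keeping the branch and making the skip selectable at build or run time rather than removing it. Also add a comment above "if (selinux_enforcing)" saying that the permissive case intentionally leaves the AVC entry unchanged so that each denial is audited, since the remaining code no longer shows that a grant update used to happen here.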