On Fri, 2009-09-04 at 10:45 -0400, Hasan Rezaul-CHR010 wrote:
> My Linux kernel version is 2.6.21.
So if you wanted to have SELinux audit every denial in permissive mode, you'd just apply this patch and rebuild your kernel.
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index da8caf1..b190eb7 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -874,10 +874,6 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
if (!requested || denied) {
if (selinux_enforcing)
rc = -EACCES;
- else
- if (node)
- avc_update_node(AVC_CALLBACK_GRANT,requested,
- ssid,tsid,tclass);
}
rcu_read_unlock();
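Review bot: In the `if (!requested || denied)` block, the `else` branch is removed unconditionally, so in permissive mode a denial is never written back to the cached node through `avc_update_node(AVC_CALLBACK_GRANT, ...)` and the same denial will be audited on every access, which can generate a large volume of audit records on a busy system. Consider gating this behind a debug option or tunable rather than deleting the branch outright, and add a short comment above `if (selinux_enforcing)` saying that permissive-mode denials are deliberately left uncached so that each one is audited.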
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.