start setroubleshootd as audisp plugin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

thanks to Steve Grubb I figured out how to make setroubleshootd start as
an auditd plugin.
with the two files attached (plugin conf and selinux module) it should
be a little faster in boot (see attached bootchart).

Anyone wants to bring that into the setroubleshoot/audit pkg?

regards

christoph

Attachment: bootchart.png
Description: PNG image

policy_module(auditd-troubled,0.1)

gen_require(` type setroubleshootd_exec_t; ')
gen_require(` type setroubleshootd_t; ')
gen_require(` type audisp_t; ')

allow audisp_t setroubleshootd_exec_t:file read_file_perms;
allow audisp_t setroubleshootd_exec_t:file execute;
domain_auto_trans(audisp_t, setroubleshootd_exec_t, setroubleshootd_t)
corecmd_exec_bin(audisp_t)
allow setroubleshootd_t audisp_t:unix_stream_socket { ioctl read write };
allow audisp_t setroubleshootd_t:process signal;

active = yes
direction = out
path = /usr/sbin/setroubleshootd
type = always
args = -f
format = string

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux