On Wed, 2004-04-21 at 19:34, Colin Walters wrote: > On Wed, 2004-04-21 at 18:57, Thomas Bleher wrote: > > A full solution requires modifications to fam: it should check the > > security context of the caller (like it does already with uid and gid) > > and only monitor the files if they can be accessed by the caller. > > Right - I think someone here looked at doing that and just gave up. We > have someone working on writing a new file monitoring system, hopefully > something will happen there soon. I don't know that it would be technically difficult to modify famd to perform such checks (and SELinux does export an API for performing such checks that is already used by other programs), but you would still have a situation where famd would have to be highly trusted and a potential conduit through which domains could communicate in violation of the policy. It would be preferable to instantiate separarate famd's per client context. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
