Hello,
I am not sure this use case has come up before but some our systems are set permissive. I have 3 files I want to have shared with 644 on purpose. The goal is for selinux to allow users(permissive) to read the file but I need a context that will still report an AVC to audit.log as that will be forwarded to a SIEM where rules will be in place to contact security. I have tried auditd_etc_t, var_log_t but nothing ever shows up in audit.log when watching a user cat/vi the files.
In this situation I actually want to see denials lol but not 100% I am seeing this right. Any help is appreciated.
-rw-r--r--. root root unconfined_u:object_r:auditd_etc_t:s0 fil1.pgp
-rw-r--r--. root root unconfined_u:object_r:auditd_etc_t:s0 file2.docx
-rw-r--r--. root root unconfined_u:object_r:var_log_t:s0 file3.docx
Sean Hogan
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/CAN2DYGIQSEYD3B6WMUFKL5HKBNUENJO/
