Hello,
I am not sure this use case has come up before but some our systems are set permissive. I have 3 files I want to have shared with 644 on purpose. The goal is for selinux to allow users(permissive) to read the file but I need a context that will still report an AVC to audit.log as that will be forwarded to a SIEM where rules will be in place to contact security. I have tried auditd_etc_t, var_log_t but nothing ever shows up in audit.log when watching a user cat/vi the files.
In this situation I actually want to see denials lol but not 100% I am seeing this right. Any help is appreciated.
-rw-r--r--. root root unconfined_u:object_r:auditd_etc_t:s0 fil1.pgp
-rw-r--r--. root root unconfined_u:object_r:auditd_etc_t:s0 file2.docx
-rw-r--r--. root root unconfined_u:object_r:var_log_t:s0 file3.docx
type=CWD msg=audit(1530272932.863:1867): cwd="/cwd"
type=PATH msg=audit(1530272932.863:1867): item=0 name="/path/file1" inode=6508 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:default_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1530272932.863:1867): proctitle=636174002F706174682F66696C6531
Zdenek Pytela, Senior technical support engineer and team lead
Customer Engagement and Experience, Red Hat Czech
E-mail: zpytela@xxxxxxxxxx, IRC: zpytela
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/YBFNEXSCEJP4A26K3YLRHITINR5IIZXL/
