On Mon, 2008-03-10 at 16:52 +0900, Kohei KaiGai wrote:
> >>> * Tunables to turn on/off audit remain for now, because database
> >>> folks told me fine-grained logs are a worthwhile feature.
> >> I'm still not very compelled by this, as I doubt people who do want more
> >> auditing will want to enable it so coarsely.
> >
> > Hmm...
> > OK, I'll remove these tunables, and add documentation on how to collect
> > fine-grained database access logs.
>
> When we apply tuple-level access control, access denied logs of filtered
> tuples are noisy, and it has an adverse effect on performance.
> For example, if a table contains 1,000,000 tuples and half of them are
> labeled as ":s0:c0", unclassified users will see a flood of logs
> on every access.
>
> At least, is it necessary to be controllable on tuples?
[...]
> [kaigai@saba ~]$ runcon -l s0 psql postgres -q
> postgres=# SELECT * FROM drink;
> NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16490
> NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16491
> NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16492
>  id | name  | price | alcohol
> ----+-------+-------+---------
>   1 | water |   100 | f
>   2 | coke  |   120 | f
>   3 | juice |   130 | f
> (3 rows)

I would just unconditionally dontaudit it.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
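As an added illustration (not part of the thread, and not SE-PostgreSQL's own policy), this is what the unconditional dontaudit suggested in the reply looks like in a refpolicy-style module; the type and class names are taken from the quoted denial messages, while the module name and the refpolicy macros are assumptions:

```selinux
# Added example, not from the thread: suppress the AVC message for the
# tuple-level "denied { select }" events quoted above. Module name and
# the refpolicy macros (policy_module, gen_require) are assumptions;
# unconfined_t, sepgsql_table_t and db_tuple come from the quoted logs.
policy_module(sepgsql_tuple_dontaudit, 1.0)

gen_require(`
	type unconfined_t;
	type sepgsql_table_t;
	class db_tuple select;
')

# Unconditional: no boolean or tunable wraps the rule. The access is still
# denied (the rows are still filtered out of the result); only the audit
# record for each filtered row is dropped, so a half-classified table no
# longer produces one message per hidden tuple.
dontaudit unconfined_t sepgsql_table_t:db_tuple select;
```

A dontaudit rule hides the denial only from the log, never from enforcement, and when the suppressed messages are needed for debugging, `semodule -DB` rebuilds the loaded policy with all dontaudit rules disabled.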