Christopher J. PeBenito wrote:
> On Mon, 2008-03-10 at 16:52 +0900, Kohei KaiGai wrote:
>>>>> * Tunables to turn on/off audit remain for now, because database
>>>>> folks told me fine-grained logs are a worthwhile feature.
>>>> I'm still not very compelled by this, as I doubt people who do want more
>>>> auditing will want to enable it so coarsely.
>>> Hmm...
>>> OK, I'll remove these tunables, and add documentation on collecting
>>> fine-grained database access logs.
>> When we apply tuple-level access control, access denied logs of filtered
>> tuples are noisy, and they have an adverse effect on performance.
>> For example, if a table contains 1,000,000 tuples and half of them are
>> labeled as ":s0:c0", unclassified users will see a flood of logs
>> on every access.
>>
>> At least, is it necessary to be controllable on tuples?
> [...]
>> [kaigai@saba ~]$ runcon -l s0 psql postgres -q
>> postgres=# SELECT * FROM drink;
>> NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16490
>> NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16491
>> NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16492
>> id | name | price | alcohol
>> ----+-------+-------+---------
>> 1 | water | 100 | f
>> 2 | coke | 120 | f
>> 3 | juice | 130 | f
>> (3 rows)
>
> I would just unconditionally dontaudit it.

OK, I'll add it.
--
KaiGai Kohei <kaigai@xxxxxxxxxxxx>

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
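Added example, not code from the thread or from the SE-PostgreSQL project: a small Python parser that collapses the per-tuple `db_tuple` denial NOTICEs shown in the psql session above into one record per permission, source context, target context and relation, which is what a log collector would need to do if the tuple-level denials were audited rather than dontaudited. The sample log is the three NOTICE lines from the session; function names and the single-level MLS handling (`s0` vs `s0:c0`, no ranges or `c0.c3` spans) are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the three denial NOTICEs from the psql session in the thread.
SAMPLE_LOG = """\
NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16490
NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16491
NOTICE: SELinux: denied { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_table_t:s0:c0 tclass=db_tuple name=relid:16482,oid:16492
"""

DENIED_RE = re.compile(
    r"SELinux: denied \{ (?P<perms>[^}]+) \} scontext=(?P<scontext>\S+) "
    r"tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+) name=(?P<name>\S+)"
)

def parse_denial(line):
    """Return a dict for one SE-PostgreSQL denial NOTICE, or None for any other line."""
    m = DENIED_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["perms"] = rec["perms"].split()
    # name=relid:16482,oid:16490 -> {"relid": "16482", "oid": "16490"}
    rec["name"] = dict(kv.split(":", 1) for kv in rec["name"].split(","))
    return rec

def categories(context):
    """Category set of a single-level context (user:role:type:s0:c0 -> {'c0'}); empty if none.
    Assumption: no low-high ranges and no c0.cN spans, as in the thread's contexts."""
    parts = context.split(":")
    return set(parts[4].split(",")) if len(parts) > 4 else set()

def summarize(log_text):
    """Collapse per-tuple denials into one record per (perm, scontext, tcontext, relid)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec is None or rec["tclass"] != "db_tuple":
            continue  # table-, column- or non-SELinux lines are left to other handling
        for perm in rec["perms"]:
            key = (perm, rec["scontext"], rec["tcontext"], rec["name"].get("relid"))
            groups[key].append(rec["name"].get("oid"))
    return [
        {"perm": perm, "scontext": sctx, "tcontext": tctx, "relid": relid,
         "tuples_filtered": len(oids),
         # categories the subject lacks explain why these tuples were filtered out
         "missing_categories": sorted(categories(tctx) - categories(sctx))}
        for (perm, sctx, tctx, relid), oids in groups.items()
    ]
```

On the thread's 1,000,000-tuple example the same code would turn 500,000 NOTICE lines into a single record with `tuples_filtered` of 500,000, which is the aggregation that per-tuple auditing would force on every consumer of the log.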