By the way, would patching the kernel this way have the same effect as changing the /selinux/avc/cache_threshold value to "0" for example? If that is the case, which would be the more recommended approach to follow (kernel patch vs. changing cache_threshold)? And would you kindly explain why the preferred approach is better over the other?

Thanks again for all your help!

-----Original Message-----
From: Hasan Rezaul-CHR010
Sent: Friday, September 04, 2009 9:56 AM
To: 'Stephen Smalley'
Cc: selinux@xxxxxxxxxxxxx
Subject: RE: SELinux and SSH Timers ?...

Great, Thank You Sir :-)

-----Original Message-----
From: Stephen Smalley [mailto:sds@xxxxxxxxxxxxx]
Sent: Friday, September 04, 2009 9:56 AM
To: Hasan Rezaul-CHR010
Cc: selinux@xxxxxxxxxxxxx
Subject: RE: SELinux and SSH Timers ?...

On Fri, 2009-09-04 at 10:45 -0400, Hasan Rezaul-CHR010 wrote:
> My Linux kernel version is 2.6.21.

So if you wanted to have SELinux audit every denial in permissive mode, you'd just apply this patch and rebuild your kernel.

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index da8caf1..b190eb7 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -874,10 +874,6 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 	if (!requested || denied) {
 		if (selinux_enforcing)
 			rc = -EACCES;
-		else
-			if (node)
-				avc_update_node(AVC_CALLBACK_GRANT,requested,
-						ssid,tsid,tclass);
 	}
 	rcu_read_unlock();

-- 
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
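Review bot: dropping the `else` branch under `if (selinux_enforcing) rc = -EACCES;` removes the permissive-mode shortcut that called `avc_update_node(AVC_CALLBACK_GRANT, requested, ssid, tsid, tclass)` to fold the denied bits into the cached node, so every repeat of the same access in permissive mode now goes back through the audit path instead of only the first one; that is the stated goal, but the change carries no description of it, and it should also note that audit volume on a busy permissive system can rise sharply and run into the audit rate limit, dropping the very records the patch is meant to surface. The return value is untouched: `rc` is still set to `-EACCES` only when `selinux_enforcing` is true, so permissive callers keep succeeding exactly as before, and the remaining `if` body is now a single statement that could lose its braces if the surrounding style permits.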