Hello Simon and Russell!

On Sun, 06/03/2011 at 10.32 +1100, Russell Coker wrote:
> On Sat, 29 Jan 2011, Simon Brandmair <sbrandmair@xxxxxxx> wrote:
> > I just started looking into SELinux. I am wondering if there is a way to
> > have wildcards in avc rules like:
> > auditallow source_t target_t : * * ;
> > which audits all access from source_t to target_t.
> >
> > Or do I have to add all classes objects to the rule like:
> > auditallow source_t target_t : {appletalk_socket, association,
> > blk_file ... } * ;
>
> No, there isn't such a wildcard at this time (AFAIK). It might be worth
> adding one so I've moved this discussion to the SE Linux upstream mailing list
> (please don't CC debian-security on future replies).

But perhaps you can define a set:

define(`all_the_stuff_i_need', `{ appletalk_socket association blk_file ... }')

and then make use of it:

auditallow source_t target_t:all_the_stuff_i_need *;

Please double-check (what I told you but also the use of commas in the list).

The reference policy mailing list might also be a useful source of information in this specific case.

Hope it helps.

Regards,

Guido
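An added example, not part of the original message or of any SELinux project code: a shell helper that builds the class-set macro suggested above from a directory holding one entry per object class, so the list does not have to be typed by hand. The function names, the macro name and the use of /sys/fs/selinux/class as the class directory are assumptions, and the output is only usable in policy sources that are run through m4.

```shell
#!/bin/sh
# Emit an m4 macro naming every object class, plus an auditallow rule using it.
# Assumption: class_dir holds one entry per class name (for example
# /sys/fs/selinux/class on a running system; any such directory works).

gen_class_set() {
    class_dir=$1
    macro=$2
    classes=""
    for entry in "$class_dir"/*; do
        [ -e "$entry" ] || continue      # empty directory: the glob did not match
        name=${entry##*/}
        # Class names are plain identifiers; skip anything else instead of
        # writing it into the policy source.
        case $name in
            *[!A-Za-z0-9_]*|"") continue ;;
        esac
        classes="$classes $name"
    done
    [ -n "$classes" ] || { echo "no classes found in $class_dir" >&2; return 1; }
    # Sets in the policy language are separated by whitespace, not commas.
    printf "define(\`%s', \`{%s }')\n" "$macro" "$classes"
}

gen_auditallow() {
    # $1 source type, $2 target type, $3 macro name.
    # '*' selects every permission of each class in the set.
    printf 'auditallow %s %s:%s *;\n' "$1" "$2" "$3"
}

# Usage (hypothetical names):
#   gen_class_set /sys/fs/selinux/class all_classes
#   gen_auditallow source_t target_t all_classes
```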