Hi Group Members ,
Good Morning & Happy new Year !
Can group member please provide any input / feedback for below
functionality support in SELINUX :
a) Is there any mechanism to generate an event / notification for
selinux denials
I came across Logstash, Logentries and Splunk , which i am
currently looking at.
Is there any selinux equivalent plugin or any other way for
selinux specific.
b) Is there any mechanism to block certain system call / library calls ?
I came across "seccomp" from https://lwn.net/Articles/656307/
But is there any selinux equivalent plugin or any other way for
selinux specific.
or "seccomp" should be the preferred way for this task .
Any pointer / feedback / inputs will be helpful on the same
Thanks ,
Ashish
Thanks ,
Ashish
On Sun, Dec 27, 2020 at 2:17 PM Ashish Mishra <ashishm@xxxxxxxxxx> wrote:
>
> Hi All ,
>
> For one of our internal projects we wanted to evaluate the functionality below .
> Can group member please share any input w.r.t below aspect can be
> implemented or any pointers on same :
>
> a) Is there any mechanism to generate an event / notification for
> selinux denials
> ( like say we have an action which is denied , so instead of user
> reading log
> file if there is any notification mechanism which can be used )
>
> b) If there is any mechanism to block calling of certain system call's
> / library calls .
> ( idea is to discourage certain instances of container to avoid calling some
> predefined system call & library functions )
>
> Any pointers or comments or feedback on these two points will be helpful .
>
> Thanks ,
> Ashish
