Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Jeff Xu <jeffxu@xxxxxxxxxxxx>
Subject: Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
From: Paul Moore <paul@xxxxxxxxxxxxxx>
Date: Mon, 26 Sep 2022 17:40:57 -0400
Cc: Dominick Grift <dominick.grift@xxxxxxxxxxx>, selinux@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, jorgelo@xxxxxxxxxxxx, groeck@xxxxxxxxxxxx, Luis Hector Chavez <lhchavez@xxxxxxxxxx>, Luis Hector Chavez <lhchavez@xxxxxxxxxxxx>
In-reply-to: <CABi2SkW4P+s-+5X7UGYYp1tUtT350_7UfQx_KYqHAyYe31ORWw@mail.gmail.com>
References: <20220921185426.1663357-1-jeffxu@chromium.org> <20220921185426.1663357-2-jeffxu@chromium.org> <CAHC9VhS-jv5cpSdq7dxFGYH=z=5grQceNMyjroeL2KHdrVUV6g@mail.gmail.com> <CABi2SkXRxomrYn-xUf3B+XswmQjXZUJXmYJECmr_nBfrZWwqkA@mail.gmail.com> <CAHC9VhRuUZxdsVQftqWa0zEuNAxk8ur0-TZp5KecJ537hRONRQ@mail.gmail.com> <875yhe6ial.fsf@defensec.nl> <CABi2SkW4P+s-+5X7UGYYp1tUtT350_7UfQx_KYqHAyYe31ORWw@mail.gmail.com>

On Mon, Sep 26, 2022 at 2:03 PM Jeff Xu <jeffxu@xxxxxxxxxxxx> wrote:
> Thanks for details about the unconfined_t domain, this is one option.
>
> IMHO: between permissive domain + audit log and unconfined_t, there might
> be room for letting each permissive domain decide its own audit logging
> strategy. The reasons are ...

I'm sorry, but I don't want to support a permissive mode that doesn't
generate denial records in the upstream kernel at this point in time.

-- 
paul-moore.com

Follow-Ups:
- Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
  - From: Jeff Xu

References:
- [PATCH 0/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
  - From: jeffxu
- [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
  - From: jeffxu
- Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
  - From: Paul Moore
- Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
  - From: Jeff Xu
- Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
  - From: Paul Moore
- Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
  - From: Dominick Grift
- Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
  - From: Jeff Xu

Prev by Date: Re: [PATCH 10/29] selinux: implement set acl hook
Next by Date: Re: [PATCH 10/29] selinux: implement set acl hook
Previous by thread: Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
Next by thread: Re: [PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
Index(es):
- Date
- Thread

[Index of Archives] [Selinux Refpolicy] [Linux SGX] [Fedora Users] [Fedora Desktop] [Yosemite Photos] [Yosemite Camping] [Yosemite Campsites] [KDE Users] [Gnome Users]