On Mon, May 12, 2014 14:05, Daniel J Walsh wrote:
dac_read_search and dac_override are usually bad to add. They typically mean the permission flags on the file in question are too tight for a root process to read/use.
Loosening up the group/other permissions would probably allow a root process to read the object without requiring these capabilities.
I just wrote a quick blog on this.
So, to turn on full path reporting I do this:
# echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules
# service auditd restart
My question is: what is the effect that "-w /etc/shadow -p w" has on SELinux with respect to reporting the full path of file names in AVCs? In other words, why does that work?