sample 5.3 based trusted os ;-)
Ilmar S. Habibulin
ilmar at watson.org
Mon Jan 24 13:20:30 GMT 2005
On Mon, 24 Jan 2005, Wayne Salamon wrote:
> One criterion is to audit events that involve permission checks using
> the standard discretionary access controls, or the suid check. Two
> notable exceptions are read() and write(), which are not audited in
> Solaris or Darwin, but are in your list.
read/write-like syscalls are audited only if the MAC check fails. IMHO Trusted
Solaris does the same thing.
> We need to decide how to merge your changes into audit3. If you want to
> send me a patch against audit2, that'd be a place to start.
I have no codebase to make diffs from. :( When I say audit2 or audit3
based, I mean that I've used the main modules from sources tagged as
audit2 or audit3.
A possible solution is to try merging AUDIT_ARG diffs first, and anything
else -- second, third, etc. The ideal solution is to provide me with some
way of getting read access to the last audit3 sources and I'll try to make
patches ASAP. I prefer cvs/cvsup access.
ASAP will be about a week, I hope. It is just a bulk of macros. There are
some addons, like MAC label token, and rewrites, as vnpath/upath changes,
but I don't think they are too hard to integrate. The only thing I'm
afraid of is panic because of vn_fullpath or even worse -- the reason
unknown.