Davin Shearer
Still nothing.

root terminal:
```
[root@rhel8 ~]# systemctl start fapolicyd
```

user terminal:
```
[scholarsmate@rhel8 ~]$ /usr/local/bin/xz --version
-bash: /usr/local/bin/xz: Operation not permitted
[scholarsmate@rhel8 ~]$
```

root terminal:
```
[root@rhel8...
```
I tried Fedora 32 now in addition to RHEL 8.2, RHEL 8.3 beta, CentOS 8.1 and CentOS 8.2 and have the same results across all 5 of these operating systems....
One more data point. I built from master and installed the built RPM on this Fedora 32 instance and the results are the same... access to `/usr/local/bin/xz` is denied by...
Even with that rules file in place and restarting the services, I'm not finding anything in the audit log on Fedora 32.

root terminal:
```
[root@localhost ~]# cp /usr/share/audit/sample-rules/43-module-load.rules /etc/audit/rules.d/...
```
I had success on RHEL 8.3 beta.

root terminal:
```
[root@rhel8 ~]# cp /usr/share/audit/sample-rules/43-module-load.rules /etc/audit/rules.d/
[root@rhel8 ~]# ll /etc/audit/rules.d/
total 8
-rw-r--r--. 1 root root 398 Jul 29 21:39 43-module-load.rules...
```
This is the first time I'm seeing an audit log. This is full of great information. Is there a way to trace this denial back to the matching fapolicyd rule?
I can understand the "benefit a single application" argument and I don't disagree. However, when creating a framework, it's not unusual to have a field for "context". In C/C++ we...
Alternatively, are there any other fields in the audit record that can be co-opted for the rule ID? Another option might be to use journald.
It is important to know the rule ID responsible for a file access being denied, and this traceability is, objectively, an audit function. The tradeoff in this proposal is that...
Thinking a bit more on the rule ID and the judgement unioned into the 32 bit response... using the upper 3 bytes (24 bits) for the rule ID and the...
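The packing proposed in the comment above, as an added example that is not fapolicyd's own code: the layout (upper 24 bits hold the rule ID, lower 8 bits hold the decision) is an assumption taken from that comment, which is cut off, and the decision codes are constructed placeholders rather than fapolicyd's real enum.

```python
# Added example, not from fapolicyd: pack a rule ID and a decision into one
# 32-bit response word and unpack it again so a denial can be traced back to
# the rule that produced it. Layout (24-bit rule ID above an 8-bit decision)
# is an assumption based on the comment above.

RULE_ID_BITS = 24
DECISION_BITS = 8
RULE_ID_MAX = (1 << RULE_ID_BITS) - 1      # 16,777,215
DECISION_MAX = (1 << DECISION_BITS) - 1    # 255

# Constructed decision codes for illustration only; fapolicyd's real
# decision values are not reproduced here.
DECISIONS = {"allow": 1, "deny": 2, "deny_audit": 3, "allow_audit": 4}
DECISION_NAMES = {v: k for k, v in DECISIONS.items()}


def pack_response(rule_id: int, decision: str) -> int:
    """Return a 32-bit word: rule_id in the upper 24 bits, decision in the low 8."""
    if not 0 <= rule_id <= RULE_ID_MAX:
        raise ValueError(f"rule id {rule_id} does not fit in {RULE_ID_BITS} bits")
    code = DECISIONS[decision]  # KeyError for an unknown decision name
    return ((rule_id << DECISION_BITS) | code) & 0xFFFFFFFF


def unpack_response(word: int) -> tuple[int, str]:
    """Split a packed response back into (rule_id, decision name)."""
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError("response is not a 32-bit value")
    rule_id = word >> DECISION_BITS
    code = word & DECISION_MAX
    if code not in DECISION_NAMES:
        raise ValueError(f"unknown decision code {code}")
    return rule_id, DECISION_NAMES[code]


def describe(word: int) -> str:
    """Render a packed response the way an audit consumer might log it."""
    rule_id, decision = unpack_response(word)
    return f"decision={decision} rule_id={rule_id} raw=0x{word:08x}"


if __name__ == "__main__":
    # Rule 42 denying with audit; prints decision=deny_audit rule_id=42 raw=0x00002a03
    print(describe(pack_response(42, "deny_audit")))
```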