konrad.azzopardi at gmail.com
Tue Dec 2 16:53:47 CST 2008
I am now confining the SAMHAIN integrity checker with all features
switched on. The daemon is spawning a "ps" and checking for
hidden/fake/missing processes. The module works by searching the
complete range of possible PIDs for processes, and comparing the list
of processes thus found against the output of ps.
Of course, if I do not make a domain transition to bin_t everything
fails, but is bin_t too wide? What would be the best way to go
around this, since ps is bin_t just like all the other binaries?
Sorry, I am still relatively new so this may be trivial, but I guess
bin_t is allowed to do a lot of things.