<div dir="ltr">Sure, I was just suggesting that those selinux policies could be a useful source of information about the expected behavior of the various services.<div><br></div><div>-bryan<br><div class="gmail_extra"><br>

<br><div class="gmail_quote">On Mon, Nov 18, 2013 at 5:29 PM, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


  
    
  
  <div bgcolor="#FFFFFF" text="#000000"><div class="im">
    <div>On 11/18/2013 08:18 PM, Bryan D. Payne
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">I'd suggest checking the selinux policies for
        openstack in RedHat and/or Fedora.
        <div>-bryan</div>
      </div>
    </blockquote>
    <br></div>
    Probably, for completeness, should mention that the Debian default
    is AppArmour, not SELinux.  THe major difference between them is
    that AppAroun is path based, where as SELinux is Inode based.<div class="im"><br>
    <br>
    <br>
    <br>
    <blockquote type="cite">
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Mon, Nov 18, 2013 at 5:15 PM, Kausum
          Kumar <span dir="ltr"><<a href="mailto:Kausum_Kumar@symantec.com" target="_blank">Kausum_Kumar@symantec.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div link="blue" vlink="purple" lang="EN-US">
              <div>
                <p class="MsoNormal">Hi All,</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal">I am trying to map what
                  configuration and input files are been accessed by
                  what processes and how. I am looking from a security
                  perspective, as to what process/application/user can
                  access for read and/or write certain files.</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal">Is there such a mapping available
                  somewhere beside the obvious process access
                  configurations?</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal">
                  Thanks,</p>
                <p class="MsoNormal">Kausum </p>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            Openstack-security mailing list<br>
            <a href="mailto:Openstack-security@lists.openstack.org" target="_blank">Openstack-security@lists.openstack.org</a><br>
            <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
Openstack-security mailing list
<a href="mailto:Openstack-security@lists.openstack.org" target="_blank">Openstack-security@lists.openstack.org</a>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a>
</pre>
    </blockquote>
    <br>
  </div></div>

<br>_______________________________________________<br>
Openstack-security mailing list<br>
<a href="mailto:Openstack-security@lists.openstack.org">Openstack-security@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
<br></blockquote></div><br></div></div></div>