<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/18/2013 08:33 PM, Bryan D. Payne
wrote:<br>
</div>
<blockquote
cite="mid:CAFpPvXBXAZX50+28tMTHZgJb63ZBrGbLHgapu8Dt-Wz=exitJA@mail.gmail.com"
type="cite">
<div dir="ltr">Sure, I was just suggesting that those selinux
policies could be a useful source of information about the
expected behavior of the various services.
<div><br>
</div>
<div>-bryan<br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Nov 18, 2013 at 5:29 PM,
Adam Young <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="im">
<div>On 11/18/2013 08:18 PM, Bryan D. Payne wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I'd suggest checking the selinux
policies for openstack in RedHat and/or Fedora.
<div>-bryan</div>
</div>
</blockquote>
<br>
</div>
Probably, for completeness, should mention that the
Debian default is AppArmour, not SELinux. THe major
difference between them is that AppAroun is path
based, where as SELinux is Inode based.</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
<br>
And I should learn to type:<br>
<br>
AppArmor:<br>
<br>
<a class="moz-txt-link-freetext" href="https://wiki.ubuntu.com/AppArmor">https://wiki.ubuntu.com/AppArmor</a><br>
<br>
<blockquote
cite="mid:CAFpPvXBXAZX50+28tMTHZgJb63ZBrGbLHgapu8Dt-Wz=exitJA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="im"><br>
<br>
<br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Nov 18, 2013 at
5:15 PM, Kausum Kumar <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:Kausum_Kumar@symantec.com"
target="_blank">Kausum_Kumar@symantec.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal">Hi All,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I am trying to map
what configuration and input files are
been accessed by what processes and
how. I am looking from a security
perspective, as to what
process/application/user can access
for read and/or write certain files.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Is there such a
mapping available somewhere beside the
obvious process access configurations?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> Thanks,</p>
<p class="MsoNormal">Kausum </p>
</div>
</div>
<br>
_______________________________________________<br>
Openstack-security mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openstack-security@lists.openstack.org"
target="_blank">Openstack-security@lists.openstack.org</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Openstack-security mailing list
<a moz-do-not-send="true" href="mailto:Openstack-security@lists.openstack.org" target="_blank">Openstack-security@lists.openstack.org</a>
<a moz-do-not-send="true" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a>
</pre>
</blockquote>
<br>
</div>
</div>
<br>
_______________________________________________<br>
Openstack-security mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openstack-security@lists.openstack.org">Openstack-security@lists.openstack.org</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>