[Openstack-security] Processes accessing Configuration files

Bryan D. Payne bdpayne at acm.org
Tue Nov 19 01:33:05 UTC 2013


Sure, I was just suggesting that those selinux policies could be a useful
source of information about the expected behavior of the various services.

-bryan


On Mon, Nov 18, 2013 at 5:29 PM, Adam Young <ayoung at redhat.com> wrote:

>  On 11/18/2013 08:18 PM, Bryan D. Payne wrote:
>
> I'd suggest checking the selinux policies for openstack in RedHat and/or
> Fedora.
> -bryan
>
>
> Probably, for completeness, should mention that the Debian default is
> AppArmour, not SELinux.  THe major difference between them is that AppAroun
> is path based, where as SELinux is Inode based.
>
>
>
>
>
>
> On Mon, Nov 18, 2013 at 5:15 PM, Kausum Kumar <Kausum_Kumar at symantec.com>wrote:
>
>>  Hi All,
>>
>>
>>
>> I am trying to map what configuration and input files are been accessed
>> by what processes and how. I am looking from a security perspective, as to
>> what process/application/user can access for read and/or write certain
>> files.
>>
>>
>>
>> Is there such a mapping available somewhere beside the obvious process
>> access configurations?
>>
>>
>>
>> Thanks,
>>
>> Kausum
>>
>> _______________________________________________
>> Openstack-security mailing list
>> Openstack-security at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>
>>
>
>
> _______________________________________________
> Openstack-security mailing listOpenstack-security at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131118/2cfaa862/attachment.html>


More information about the Openstack-security mailing list