[redhat-lspp] Re: RHEL5 Kernel with labeled networking

Joshua Brindle method at gentoo.org
Tue Oct 3 21:25:40 UTC 2006


Linda Knippers wrote:
> Joy Latten wrote:
>
>> On Tue, 2006-10-03 at 15:18 -0400, Joshua Brindle wrote:
>>
>>> Joy Latten wrote:
>>>
>>>>> Before network labeling is completed we still need some work
>>>>> implementing how we plan to audit configuration changes in ipsec
>>>>> labeling decisions.  I believe we agreed today that this auditing must
>>>>> be done in kernelspace since we do not have fine grained enough controls
>>>>> on netlink messages to allow for all of the auditing in userspace.
>>>>>
>>>> I've talked to Klaus about what needs to be audited for ipsec and
>>>> lspp compliance. I will begin work on a patch and get this out
>>>> to the list as soon as I can. We will audit every time a policy is
>>>> added/removed to/from the ipsec policy database.
>>>>
>>> why not just auditallow all association setcontext?
>>>
>> Dang! Why didn't I think of that! :-) 
>> Such a good idea. I will do a quick test and
>> show Klaus and see if it all looks ok to him.
>> Thanks!!!
>>
>
> If we go the auditallow route then we lose some audit record management
> features, like the ability to enable/disable/search for these records,
> don't we?  Do we care?
>
enable and disable with a boolean

searching? surely you can search avc records..
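An added illustration of the approach sketched in this reply, not code from the thread or from any of the participants: a small policy module that wraps the auditallow in a boolean so the audit records can be switched on and off without rebuilding policy. The module name, the boolean name and the types ipsec_mgmt_t and ipspd_t are assumptions (the two types are the reference-policy names for the IPsec management domain and the default SPD label; substitute the domain that actually loads SPD entries on the system).

```selinux
# Added example, not part of the original thread.
# Assumed names: module "audit_ipsec_label", boolean "audit_ipsec_setcontext",
# domain ipsec_mgmt_t and SPD label ipspd_t (reference-policy names).
policy_module(audit_ipsec_label, 1.0)

gen_require(`
    type ipsec_mgmt_t;
    type ipspd_t;
')

## <desc>
## <p>Emit an AVC record every time ipsec_mgmt_t attaches a security
## context to an IPsec policy entry (association setcontext).</p>
## </desc>
gen_tunable(audit_ipsec_setcontext, true)

# auditallow grants nothing on its own; setcontext must already be allowed
# elsewhere (e.g. via ipsec_setcontext_default_spd).  It only makes each
# granted access produce a "granted" AVC record when the boolean is on.
tunable_policy(`audit_ipsec_setcontext',`
    auditallow ipsec_mgmt_t ipspd_t:association setcontext;
')
```

With this in place, `setsebool audit_ipsec_setcontext off` covers the enable/disable concern, and `ausearch -m AVC` filtered on `setcontext` covers the search concern raised above.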
