[redhat-lspp] Re: RHEL5 Kernel with labeled networking
Karl MacMillan
kmacmillan at mentalrootkit.com
Tue Oct 3 21:30:15 UTC 2006
Linda Knippers wrote:
> Joshua Brindle wrote:
>
>> Linda Knippers wrote:
>>
>>
<snip>
>>>
>>> If we go the auditallow route then we lose some audit record management
>>> features, like the ability to enable/disable/search for these records,
>>> don't we? Do we care?
>>>
>>>
>>>
>> enable and disable with a boolean
>>
>> searching? surely you can search avc records..
>>
>
> I meant with the audit tools, so using auditctl to add/remove rules and
> ausearch for looking for specific record types.
>
>
As I said in my other mail, the searching should be fine. Why does the
addition or removal need to be handled by auditctl?
Karl