[redhat-lspp] Re: RHEL5 Kernel with labeled networking

Steve Grubb sgrubb at redhat.com
Wed Oct 4 16:13:03 UTC 2006


On Tuesday 03 October 2006 16:40, Linda Knippers wrote:
> > Dang! Why didn't I think of that! :-)
> > Such a good idea. I will do a quick test and
> > show Klaus and see if it all looks ok to him.
> > Thanks!!!
>
> If we go the auditallow route then we lose some audit record management
> features, like the ability to enable/disable/search for these records,
> don't we?  Do we care?

Yes we care! And we should not do it with auditallow rules. The problem is 
that to SELinux, EVERYTHING is an AVC. There is no separation of meaning by 
using the message type. If an admin wants to query all the config 
changes made during a range of time, AVCs will not be considered in 
the results.

There needs to be a new message type for this or we need to consolidate around 
the ones Paul used for netlabel and change them as needed. This allows better 
reporting and understanding of the system's real status.

-Steve
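To make the point concrete, here is an added example (not code from Steve's mail, the LSPP project, or the kernel) that walks a few constructed audit.log lines through an ausearch-style query. ausearch selects on the record's type field (`-m`) and time window, so a netlabel change recorded as an AVC "granted" record never appears in a "show me config changes" search, while the dedicated MAC_* and CONFIG_CHANGE types do. The type names MAC_CIPSOV4_ADD and MAC_MAP_ADD are the ones the kernel's audit.h defines for netlabel; the record bodies, timestamps and serials below are constructed for the example.

```python
import re
from fnmatch import fnmatch

# Constructed sample records for this example; field contents are illustrative,
# not captured from a real RHEL5 system. Serial 42 is what an auditallow rule
# on the netlabel config path would produce: a plain AVC record.
SAMPLE_LOG = """\
type=AVC msg=audit(1159975000.101:41): avc:  denied  { write } for  pid=2431 comm="vi" name="shadow" scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1159975000.205:42): avc:  granted  { setcontext } for  pid=2500 comm="netlabelctl" scontext=root:sysadm_r:sysadm_t:s0-s15:c0.c1023 tcontext=system_u:object_r:netlabel_t:s0 tclass=netlink_socket
type=MAC_CIPSOV4_ADD msg=audit(1159975000.310:43): netlabel: auid=0 cipso_doi=1 cipso_type=trans res=1
type=MAC_MAP_ADD msg=audit(1159975000.420:44): netlabel: auid=0 nlbl_domain=default nlbl_protocol=cipsov4 cipso_doi=1 res=1
type=CONFIG_CHANGE msg=audit(1159975001.050:45): audit_backlog_limit=256 old=64 auid=0 res=1
type=AVC msg=audit(1159975003.000:46): avc:  denied  { read } for  pid=2600 comm="cat" name="secret" scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:secret_t:s0 tclass=file
"""

RECORD_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<sec>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\): (?P<body>.*)$'
)


def parse_records(text):
    """Parse audit.log lines into dicts with type, time (float), serial, body."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        records.append({
            "type": m.group("type"),
            "time": float(f"{m.group('sec')}.{m.group('ms')}"),
            "serial": int(m.group("serial")),
            "body": m.group("body"),
        })
    return records


def search(records, type_patterns, start=None, end=None):
    """Emulate 'ausearch -m <types> --start/--end': select on the type field
    (glob patterns allowed) and the time window, never on the record body."""
    hits = []
    for r in records:
        if start is not None and r["time"] < start:
            continue
        if end is not None and r["time"] > end:
            continue
        if any(fnmatch(r["type"], pat) for pat in type_patterns):
            hits.append(r)
    return hits


# What an admin asks for when reviewing configuration changes: the generic
# CONFIG_CHANGE type plus the MAC_* family that the netlabel code emits.
# The glob is an assumption of this example so the list needn't enumerate
# every MAC_* type.
CONFIG_CHANGE_TYPES = ("CONFIG_CHANGE", "MAC_*")


def config_changes(records, start=None, end=None):
    """Config changes in the window. The auditallow AVC (serial 42) is never
    returned here because its type carries no meaning beyond 'AVC'."""
    return search(records, CONFIG_CHANGE_TYPES, start, end)


def auditallow_hits(records):
    """The only way to recover an auditallow-generated event: pull every AVC
    and grep the body for 'granted'. This mixes denial noise with config
    events and breaks as soon as the body wording changes."""
    return [r for r in search(records, ("AVC",)) if "granted" in r["body"]]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("config changes by type:", [r["serial"] for r in config_changes(recs)])
    print("all AVCs:", [r["serial"] for r in search(recs, ("AVC",))])
    print("auditallow events, body-grep only:", [r["serial"] for r in auditallow_hits(recs)])
```

Run as a script it shows the split: the type-based query returns serials 43, 44 and 45 and silently drops 42, while the AVC query returns 41, 42 and 46 together, so the netlabel event is only separable from policy denials by scraping the body. That is the loss of "enable/disable/search" handling the thread is about, and why a dedicated message type gives better reporting.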
