[redhat-lspp] Re: RHEL5 Kernel with labeled networking
George C. Wilson
ltcgcw at us.ibm.com
Wed Oct 4 16:39:12 UTC 2006
On Wed, Oct 04, 2006 at 12:25:28PM -0400, Steve Grubb wrote:
> On Tuesday 03 October 2006 17:26, Klaus Weidner wrote:
> > Can ausearch handle the auditallow AVC records in the audit log correctly
> > for common fields such as auid and subject MLS label?
>
> Yes it can, but there's no way to distinguish the message's proper meaning.
> You get an AVC with granted. How do you figure out that was a configuration
> change?
>
> -Steve
>
Agree. Though the information is in the AVC records, it would be difficult for
an admin to use. Also, we don't want admins to have to change the policy just
to audit in one particular case. Joy is looking at adding hooks in the SPD add
and delete paths to fix this.
--
George Wilson <ltcgcw at us.ibm.com>
IBM Linux Technology Center
More information about the redhat-lspp
mailing list