[PATCH] context based audit filtering (take 3)
Stephen Smalley
sds at epoch.ncsc.mil
Wed Feb 22 15:09:27 UTC 2006
On Wed, 2006-02-22 at 00:17 -0600, Dustin Kirkland wrote:
> > - printk a warning and ignore invalid selinux rules (but still hang on to them
> > so they may be activated with a later policy reload).
>
> Interesting... Is this the recommended approach by the SELinux folks?
Not by me, but Darrel thought it would be important to allowing audit
filters to survive across policy reloads and be revived later as
appropriate without needing to reload the audit filters as well. I'm
not clear that it matters in production environments (versus just policy
development boxes).
--
Stephen Smalley
National Security Agency