[redhat-lspp] RBAC Roles
Steve Grubb
sgrubb at redhat.com
Tue Sep 20 15:39:53 UTC 2005
On Tuesday 20 September 2005 11:24, Steve Grubb wrote:
> Right. This is along the lines of what I'm thinking. Callback would
> probably not be necessary. The message will arrive in the filter after
> audit_log_end() and we can do any additional filtering there.
Actually, we would need to have a way to correlate the message with the rule
for extra filtering.
For example:
auditctl -a exit,always -S open -F role=secadm_t -F devmajor=12 -F success=no
Would you envision that SE Linux would do the -F role=secadm_t part and the
audit system would have to filter all the rest of it?
-Steve
More information about the redhat-lspp
mailing list