[redhat-lspp] Re: RHEL5 Kernel with labeled networking
Klaus Weidner
klaus at atsec.com
Tue Oct 3 21:26:59 UTC 2006
On Tue, Oct 03, 2006 at 04:40:23PM -0400, Linda Knippers wrote:
> If we go the auditallow route then we lose some audit record management
> features, like the ability to enable/disble/search for these records,
> don't we? Do we care?
Well, you can permit admins to enable/disable the auditallow rule, that
way people who don't want it aren't bothered by the messages. I don't
think that the LSPP requirement to include/exclude messages by user
identity is intended to apply for administrative actions like this.
Can ausearch handle the auditallow AVC records in the audit log correctly
for common fields such as auid and subject MLS label?
-Klaus
More information about the redhat-lspp
mailing list