[redhat-lspp] Re: RHEL5 Kernel with labeled networking

Karl MacMillan kmacmillan at mentalrootkit.com
Wed Oct 4 16:28:47 UTC 2006


Steve Grubb wrote:
> On Tuesday 03 October 2006 16:40, Linda Knippers wrote:
>   
>>> Dang! Why didn't I think of that! :-)
>>> Such a good idea. I will do a quick test and
>>> show Klaus and see if it all looks ok to him.
>>> Thanks!!!
>>>       
>> If we go the auditallow route then we lose some audit record management
>> features, like the ability to enable/disable/search for these records,
>> don't we?  Do we care?
>>     
>
> Yes we care! And we should not do it with auditallow rules. The problem is 
> that to SE linux, EVERYTHING is an AVC. There is no separation of meaning by 
> using the message type. If an admin wants to query to see all the config 
> changes made during a range of time, using AVC's will not be considered in 
> the results.
>
>   

I don't understand - the object class and / or permissions will allow 
filtering and separating out the various types of AVC messages.

Karl
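To make the two filtering strategies in this exchange concrete, here is an added Python example (not code from the thread or from the audit project). It parses a few constructed audit records in the kernel's key=value format and shows that a query keyed on message type (Steve's concern) does not return auditallow-generated AVC records, while Karl's filter on tclass/permission does select them.

```python
# Added example: compare message-type filtering with tclass/permission
# filtering over constructed Linux audit records (not real log output).
import re

# Constructed sample records; contexts, pids and timestamps are made up.
AUDIT_LOG = """\
type=AVC msg=audit(1159972800.001:10): avc: denied { read } for pid=123 comm="cat" scontext=user_u:user_r:user_t tcontext=system_u:object_r:shadow_t tclass=file
type=AVC msg=audit(1159972800.002:11): avc: granted { setenforce } for pid=456 comm="setenforce" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
type=CONFIG_CHANGE msg=audit(1159972800.003:12): auid=0 op=remove rule key="watch" list=4 res=1
type=AVC msg=audit(1159972800.004:13): avc: granted { setbool } for pid=457 comm="setsebool" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}')

def parse_record(line):
    """Return the key=value fields of one record, plus the AVC decision
    and permission set when the record is an AVC message."""
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    m = AVC_RE.search(line)
    if m:
        rec["decision"] = m.group(1)
        rec["perms"] = set(m.group(2).split())
    return rec

def parse_log(text):
    return [parse_record(l) for l in text.splitlines() if l.strip()]

def search_by_type(records, msg_type):
    """Query keyed on the audit message type: an auditallow rule produces
    type=AVC records, so they never show up under CONFIG_CHANGE."""
    return [r for r in records if r["type"] == msg_type]

def search_avc_by_class(records, tclass, perms=None):
    """Narrow AVC records by object class and, optionally, by permission."""
    return [r for r in records
            if r["type"] == "AVC" and r.get("tclass") == tclass
            and (perms is None or perms & r.get("perms", set()))]
```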
