--- Linda Knippers <[EMAIL PROTECTED]> wrote:
> It has a requirement to be able to audit all > modifications of the > values of security attributes, so we can audit a > bunch of syscalls > that do that (chmod, chown, setxattr, ...). > Relabeling files > would definitely count and be covered. There's also > a requirement about > auditing changes to the way data is > imported/exported, so this is where > the networking stuff comes in. I don't know about > domain transitions. I think you would have trouble arguing that a domain transition is not a change in the security state of the system. For the evaluations I worked auditing was required for any change to uids, gids, capabilities, sensitivity, integrity, or any other security relevent attribute. Casey Schaufler [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
