Linda Knippers wrote:
> Joshua Brindle wrote:
>> Linda Knippers wrote:
>> <snip>
>>> If we go the auditallow route then we lose some audit record management
>>> features, like the ability to enable/disable/search for these records,
>>> don't we? Do we care?
>> enable and disable with a boolean
>> searching? surely you can search avc records..
> I meant with the audit tools, so using auditctl to add/remove rules and
> ausearch for looking for specific record types.

As I said in my other mail the searching should be fine. Why does the
addition or removal need to be handled by auditctl?
Karl
--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp