Steve Grubb wrote:
On Tuesday 03 October 2006 16:40, Linda Knippers wrote:
Dang! Why didn't I think of that! :-)
Such a good idea. I will do a quick test and
show Klaus and see if it all looks ok to him.
Thanks!!!
If we go the auditallow route then we lose some audit record management
features, like the ability to enable/disble/search for these records,
don't we? Do we care?
Yes we care! And we should not do it with auditallow rules. The problem is
that to SE linux, EVERYTHING is an AVC. There is no separation of meaning by
using the message type. If an admin wants to query to see all the config
changes made during a range of time, using AVC's will not be considered in
the results.
I don't understand - the object class and / or permissions will allow
filtering and separating out the various types of AVC messages.
Karl
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
