On Wed, Oct 04, 2006 at 12:25:28PM -0400, Steve Grubb wrote: > On Tuesday 03 October 2006 17:26, Klaus Weidner wrote: > > Can ausearch handle the auditallow AVC records in the audit log correctly > > for common fields such as auid and subject MLS label? > > Yes it can, but there's no way to distinguish the message's proper meaning. > You get an AVC with granted. How do you figure out that was a configuration > change? > > -Steve >
Agree. Though the information is in the AVC records, it would be difficult for an admin to use. Also, we don't want admins to have to change the policy just to audit in one particular case. Joy is looking at adding hooks in the SPD add and delete paths to fix this. -- George Wilson <[EMAIL PROTECTED]> IBM Linux Technology Center -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
