RE: AVC messages

Stephen Smalley wrote:
> But I don't see why that should prevent you from handling SELinux
> audit messages via auditd and directing them to a MAC audit log
> file.  The kernel logging infrastructure can't really handle the
> potential load of SELinux audit, and you don't really want SELinux
> audit messages intermingled with other kernel log messages.

What type of audit log separation are you suggesting?

I would think SELinux AVC messages could be logged to a separate location.
However, even a failed request because of DAC needs to have complete MAC
information (label/type) of subject and object in the audit record for LSPP.

Does this match up to what you were stating?

Chad Hanson
Senior Secure Systems Engineer

Trusted Computer Solutions
121 W Goose Alley
Urbana, IL  61801


V:  217.384.0028  ext.12
F:  217.384.0288

