[redhat-lspp] RBAC Roles

Steve Grubb sgrubb at redhat.com
Tue Sep 20 19:41:16 UTC 2005


On Tuesday 20 September 2005 14:40, Karl MacMillan wrote:
> Which is semantically the same as changing the policy, it just happens
> either in userland tools related to audit or the kernel. If the concern is
> simple practicality of not wanting to carry around a policy development
> environment, then policy modules combined with a tool to generate special
> audit modules would work.

The concern is having to teach people that you can't use the audit system to 
audit. :)

> I also think that there is considerable value to keeping the SELinux
> related auditing in the SELinux policy.

I think it can and should co-exist. It's just that we want people to learn to
use the audit system for auditing. We want people to stay out of the policy
as much as possible. It's difficult to support people that have customized
their policy and then start reporting "bugs".

> Most importantly, the audit policy can be analyzed along with the policy.

Unless you are doing auditctl -l you will miss some things. If you are doing
it, then it's more of the same.

> This would allow the considerable investment in policy analysis tools to be
> leveraged to continue to be used for audit analysis.

I think they have to co-exist kinda like sysctl.conf and
echo "1" > /proc/net/some-param. They are different ways of doing the same thing.

-Steve



