[redhat-lspp] Re: RHEL5 Kernel with labeled networking
Karl MacMillan
kmacmillan at mentalrootkit.com
Tue Oct 3 21:28:57 UTC 2006
Joshua Brindle wrote:
>
> Linda Knippers wrote:
<snip>
>>
>> If we go the auditallow route then we lose some audit record management
>> features, like the ability to enable/disble/search for these records,
>> don't we? Do we care?
>>
>>
> enable and disable with a boolean
>
> searching? surely you can search avc records..
>
Of course - the avc records are just audit records so the searching /
reduction / etc. should be fine with the existing audit tools.
Karl
More information about the redhat-lspp
mailing list