[redhat-lspp] Re: RHEL5 Kernel with labeled networking

[Karl MacMillan]

Joshua Brindle wrote:
>
> Linda Knippers wrote:
<snip>
>>
>> If we go the auditallow route then we lose some audit record management
>> features, like the ability to enable/disble/search for these records,
>> don't we?  Do we care?
>>
>>   
> enable and disable with a boolean
>
> searching? surely you can search avc records..
>

Of course - the avc records are just audit records so the searching / 
reduction / etc. should be fine with the existing audit tools.

Karl