Re: [PATCH] context based audit filtering (take 3)
On Wed, 2006-02-22 at 00:17 -0600, Dustin Kirkland wrote:
> - printk a warning and ignore invalid selinux rules (but still
hang on to them
> so they may be activated with a later policy reload).
Interesting... Is this the recommended approach by the SELinux folks?
Not by me, but Darrel thought it would be important to allowing audit
filters to survive across policy reloads and later revived as
appropriate without needing to reload the audit filters as well. I'm
not clear that it matters in production environments (versus just policy
development boxes).
--
Stephen Smalley
National Security Agency