Which of these options would be preferred for audit records
when there are multiple active security modules? I'm not asking
if we should do it, I'm asking which of these options I should
implement when I do do it. I've prototyped #1 and #2. #4 is a
minor variant of #1 that is either better for compatibility or
worse, depending on how you want to look at it. I understand
that each of these offer challenges. If I've missed something
obvious, I'd be delighted to consider #5.
Thank you.
Option 1:
subj=selinux='x:y:z:s:c',apparmor='a'
Option 2:
subj=x:y:z:s:c subj=a
Option 3:
lsms=selinux,apparmor subj=x:y:z:s:c subj=a
Option 4:
subjs=selinux='x:y:z:s:c',apparmor='a'
Option 5:
Something else.