Re: AVC messages
On Tue, Jan 04, 2005 at 02:53:59PM -0500, Steve Grubb wrote:
I was looking at my audit logs and have a question. Does the SE Linux
AVC
denial messages constitute something that ought to be in the audit logs? Or
does it belong in syslog?
I agree that it is important information...just curious where it should really
live.
This kind of information is not relevant for CAPP, but is needed for LSPP
and similar profiles. For LSPP, it needs to be configurable in the same
way as other permission events, the profile requires that events can be
filtered by user identity.
-Klaus