Re: AVC messages
On Tue, 2005-01-04 at 14:53, Steve Grubb wrote:
I was looking at my audit logs and have a question. Does the SE Linux
AVC
denial messages constitute something that ought to be in the audit logs? Or
does it belong in syslog?
I agree that it is important information...just curious where it should really
live.
It belongs in an audit log, but you could certainly have multiple audit
logs, with one dedicated to SELinux (i.e. MAC) audit messages.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency