Re: [PATCH] Fix AUDIT_MAC_POLICY_LOAD event formatting
On 11/22/2016 08:55 AM, Stephen Smalley wrote:
> >OK. We can move the point where res=1 is set. But I would
think that its a
> >requirement to have an audit record that states that policy failed to load.
> >FMT_MSA.3 Static Attribute Initialization. Auditable events: All modifications
> >of the initial value of security attributes. I would think this means changes
> >such as booleans, modifying labels, loading a new policy, or failure to load a
> >policy.
Failure to load a policy is not a modification to the initial value of
the security attribute, is it?
It is definitely relevant, if it falls under another category.
Either a failed malicious intent or a failed supervisory function.
LCB
Attachments:
- attachment.html (text/html — 1.4 KB)