On 11/22/2016 08:55 AM, Stephen Smalley wrote:

> OK. We can move the point where res=1 is set. But I would think that its a 
> requirement to have an audit record that states that policy failed to load. 
> FMT_MSA.3 Static Attribute Initialization. Auditable events: All modifications 
> of the initial value of security attributes. I would think this means changes 
> such as booleans, modifying labels, loading a new policy, or failure to load a 
> policy.

Failure to load a policy is not a modification to the initial value of
the security attribute, is it?

It is definitely relevant, if it falls under another category.
Either a failed malicious intent or a failed supervisory function.

LCB