|Main Archive Page > Month Archives > selinux archives|
On Tue, 17 Jul 2007, Mimi Zohar wrote:
> No, it isn't being audited, but should be. The question is what type of audit
> message would be appropriate here. It could be the normal denied/granted
> message, but that would be confusing as this isn't based on a permission or
> capability check, but an integrity error. Any suggestions how to handle this
> here and in the other places?
If integrity is being enforced, then the final AVC denial should include information that it was because of an integrity failure.
I'm not sure that it's useful to have non-enforced integrity, aside from debugging/development use.
For general use, it should either be enabled or disabled.