* Crispin Cowan (crispinat_private) wrote: > Question for Casey & other Orange Book folk: the above proposal > *assumes* that it is C2 compliant to do checks in this order: > > 1. error checks (no audit records if they fail) > 2. DAC checks (audit records) > 3. MAC checks (audit records) > > Does this assumption hold? Dunno 'bout that. But I believe POSIX.1e Auditing requires recording the use of a (POSIX 1 and 1e defined) system interface. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 23:50:19 PST