SELinux and Auditing
SELinux originally used existing kernel logging infrastructure for its audit messages.
Red Hat developed a new kernel audit framework and converted SELinux to use it.
Advantages:
- Audit can be directed to a separate daemon
- Audit flooding can be more effectively addressed
- Audit framework captures information not available to SELinux
- Audit framework provides calls that can be safely called from any context