From: LC Bruzenak <lenny@magitekltd.com>
To: Linux Audit <linux-audit@redhat.com>
Subject: audisp plugin policy question(s)
Date: Wed, 22 Oct 2008 11:46:24 -0500
Message-ID: <1224693984.14755.115.camel@homeserver>

In the audisp plugin sources (and audit.spec), the zos-remote plugin has
a policy section, the others do not. Will those pieces be added
similarly? Should prelude/prelude-plugin/remote-plugin policy go here or
in the system policy rpm?

Also some MLS prelude-related questions:

I realize this is technically a prelude policy question vice audit, but
I'm not certain how many selinux/MLS folks are on that list. Dan Walsh
suggested I ask on this list first. And it is due to the prelude plugin
to audit that this comes up, so at least the plugin is germane.

Right now my prelude-manager runs ranged SystemLow-SystemHigh.
Should this be only SystemHigh? I'm not exactly certain how this is done
now to run ranged. Here is the process listing:
ps -edaflZ | grep prelude
system_u:system_r:prelude_t:SystemLow-SystemHigh 1 S root 2432 1  0 80 0 - 33187 epoll_ Oct20 ?   00:00:04 prelude-manager -d
system_u:system_r:prelude_audisp_t:SystemHigh 0 S root 2664 2662  0 76 -4 - 10392 unix_s Oct20 ?  00:00:03 /sbin/audisp-prelude

There are some spool files not set accordingly which cause AVCs.
I guess these need file contexts?

As I said, there are many AVCs and those can probably be eliminated with
audit2allow exercises and review of the issue (like the labels on the
spool files).

Then there is a prelude-manager<->prelude-lml question, but I won't get
into that in case I hear "take it up with the prelude guys" from the
above.

Thx,
LCB.

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com
