diff for duplicates of <1520532165.3605.51.camel@linux.vnet.ibm.com>
diff --git a/a/1.txt b/N1/1.txt
index cad8550..f6f386b 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -62,20 +62,20 @@ On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> different identically-numbered records are produced as a first step
> towards splitting them into two distict records?
-Agreed, the two uses should really be separated. ima_parse_rule()
+Agreed, the two uses should really be separated. ima_parse_rule()
generates audit messages, when the IMA policy is initially loaded,
replaced, or extended, the policy rules are included in the audit log.
When IMA is namespaced, there will be a host policy and namespace
-policies. We'll need to be able differentiate between the host policy
+policies. We'll need to be able differentiate between the host policy
rules and IMA namespaced policy rules, and between IMA namespaced
policy rules.
The audit messages produced by ima_audit_measurement() were originally
upstreamed for forensics, and as seen by the FireEye blog are now used
-to augment existing security analytics. These records are probably
-being used independently of any other audit records. A single record
-is generated per file, per system. With IMA namespacing, these
-records need to be generated once per file, per namespace as well. In
+to augment existing security analytics. These records are probably
+being used independently of any other audit records. A single record
+is generated per file, per system. With IMA namespacing, these
+records need to be generated once per file, per namespace as well. In
order to differentiate the records between the host and namespace, and
between namespaces, these records should include the container id.
diff --git a/a/content_digest b/N1/content_digest
index 49cde04..3d83bab 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -103,20 +103,20 @@
"> different identically-numbered records are produced as a first step\n",
"> towards splitting them into two distict records?\n",
"\n",
- "Agreed, the two uses should really be separated. \302\240ima_parse_rule()\n",
+ "Agreed, the two uses should really be separated. ima_parse_rule()\n",
"generates audit messages, when the IMA policy is initially loaded,\n",
"replaced, or extended, the policy rules are included in the audit log.\n",
"When IMA is namespaced, there will be a host policy and namespace\n",
- "policies. \302\240We'll need to be able differentiate between the host policy\n",
+ "policies. We'll need to be able differentiate between the host policy\n",
"rules and IMA namespaced policy rules, and between IMA namespaced\n",
"policy rules.\n",
"\n",
"The audit messages produced by ima_audit_measurement() were originally\n",
"upstreamed for forensics, and as seen by the FireEye blog are now used\n",
- "to augment existing security analytics. \302\240These records are probably\n",
- "being used independently of any other audit records. \302\240A single record\n",
- "is generated per file, per system. \302\240With IMA namespacing, these\n",
- "records need to be generated once per file, per namespace as well. \302\240In\n",
+ "to augment existing security analytics. These records are probably\n",
+ "being used independently of any other audit records. A single record\n",
+ "is generated per file, per system. With IMA namespacing, these\n",
+ "records need to be generated once per file, per namespace as well. In\n",
"order to differentiate the records between the host and namespace, and\n",
"between namespaces, these records should include the container id.\n",
"\n",
@@ -133,4 +133,4 @@
"Mimi"
]
-c026fe3539a60cc6821876ce4db1ffde86092374ada55b03936023bea2fae960
+3a9832a3f8d47a675fd8ab7a263f929836570505b797b450f20e34257f773a77
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.