Subject: Re: veriexec logs
To: Brett Lymn <blymn@baesystems.com.au>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: current-users
Date: 03/09/2004 13:15:47

Brett Lymn <blymn@baesystems.com.au> writes:
> On Mon, Mar 08, 2004 at 05:30:06PM +0300, dlagno@mail.nnov.ru wrote:
> >
> > veriexec generates messages of 2 types: about mismatched fingerprints and
> > about lacking fingerprint. All of them go to syslog with high importance
> > level.
>
> They are just kernel printf's so there is not much control about how
> they are logged.

There's plenty of control; the kernel printf() calls could be changed to
log() calls very easily if there's a desire to log at different levels.

> No, I don't think you are correct on that. Lacking a fingerprint
> *should* not happen once the fingerprints have been loaded into the
> kernel.

This seems to be an issue for local policy control... but controlling
the log level of the no-fingerprint case seems like the wrong knob.

- Nathan