I fear the CAPP folks haven't read the Orange Book (Trusted Computer System Evaluation Criteria DOD-5200.28-STD), or prehaps forgotten that lower-security processes can write to higher-security ones, but not the reverse. Any process should be able to submit audit entries, but only the audit daemon can decide if they are to be accepted (;-))
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds