[redhat-lspp] what happens when something can't be audited?
Steve Grubb
sgrubb at redhat.com
Sat Feb 10 19:16:52 UTC 2007
On Saturday 10 February 2007 14:00, Linda Knippers wrote:
> That's why we added the audit library routine to get the user selectable
> failure action from /etc/libaudit.conf.
Did patches get submitted so that trusted programs use it?
> In the cups case, it checks that when it opens the audit socket, which it
> does when it starts up. When we talked about this before we talked about
> per-application failure actions but ended up with just a global one. I
> don't think we want to add command-line options.
I guess you are right. I keep forgetting about that addition.
-Steve
More information about the redhat-lspp
mailing list