[PATCH] audit: file system auditing based on location and name

[Arjan van de Ven]

> > [foo at liltux /]$ cat /etc/shadow
> > cat: /etc/shadow: Permission denied
> 
> Additionally, the apps would need to either be rewritten to create
> the files under the audited context, or policy would have to cause all
> files created by those apps to be under the audited context.  Neither
> one of those options is satisfactory

why not?
If your /etc/shadow has no selinux context you've lost already :0