auditctl behavior

[David Woodhouse]

On Tue, 2005-06-21 at 16:25 -0400, Steve Grubb wrote:
> OK I see what's happening. -D gets a list to work from. Since the kernel has 
> been changed so that kernel threads take care of doing the actual list, we 
> now get an ack immediately and then the list. The ack is an error packet with 
> error code of 0. I fixed this in the soon to be released 0.9.11.

Could I have done this differently in the kernel to make it easier? You
also get a marker at the end of the list, right?

-- 
dwmw2