audit 0.9.12 released
David Woodhouse
dwmw2 at infradead.org
Fri Jun 24 14:50:33 UTC 2005
On Fri, 2005-06-24 at 10:12 -0400, Steve Grubb wrote:
> I think unmatched means allow the message. I would err on the side of
> sending messages and let the admin suppress them.
That's already implemented. Each _rule_ gives yes/no/unmatched, and what
you're saying is that audit_filter_user() should return 1 if all calls
to audit_filter_user_rules() have returned 'unmatched'.
> I think this one we leave alone. User message filtering is not related
> to syscalls, so it's different.
It's not particularly different at the moment. Changing the prototype
for one but not the other would make it gratuitously so, which isn't
really an improvement.
--
dwmw2