[PATCH] auditfs updates to .46
Steve Grubb
sgrubb at redhat.com
Thu May 26 12:49:47 UTC 2005
On Thursday 26 May 2005 07:55, David Woodhouse wrote:
> This means that tasks with an audit context will get their actions
> logged when they touch a watched inode, but actions performed by tasks
> _without_ an audit context will not by logged.
This seems like a source of unintended error. How do we let the system admin
know that they've lost events because they needed to specify possible? Could
an audit context be created on demand? The fact that it's a watched inode
would indicate that auditing is intended.
-Steve
More information about the Linux-audit
mailing list