[PATCH] (1/2) new audit filter allows excluding messages by type (kernel)
Steve Grubb
sgrubb at redhat.com
Thu Nov 3 14:39:42 UTC 2005
On Thursday 03 November 2005 08:58, Amy Griffis wrote:
> What about someone running a kernel without CONFIG_AUDITSYSCALL? With
> this implementation, they wouldn't be able to use this filtering at
> all. That doesn't make any sense, since filtering audit record types
> is inherently unrelated to syscalls. This filtering applies to audit
> in general, so it should live entirely in audit.c.
It might be tricky to untangle. I think it uses functions that only live in
that file. I think its worth looking into, though.
-Steve
More information about the Linux-audit
mailing list