New operators for rules
Steve Grubb
sgrubb at redhat.com
Fri Oct 7 13:14:14 UTC 2005
On Friday 07 October 2005 08:55, Amy Griffis wrote:
> Right, in new kernels. In older kernels, 101 doesn't mean anything.
Right it will fail. However, if we had a capabilities command like I've been
asking for, userspace could query the kernel and see what the audit system's
capabilities are and make decisions. If we added the capabilities command
now, then I could identify old kernels because the capabilities command is
unsupported. I could then tell the user that the operator is unsupported.
> > > How about introducing this feature in a 2.0 release?
> >
> > 2.0 of what? We are presumably working on kernel 2.6.1x.
>
> I was referring to audit tools 2.0.
That's what we are working on. ;)
-Steve
More information about the Linux-audit
mailing list