RFC deprecating the possible action
Linda Knippers
linda.knippers at hp.com
Mon Apr 10 19:55:02 UTC 2006
Steve Grubb wrote:
> We currently have 5 syscall rules in the capp.rules file and lspp.rules file
> that would be eliminated by this change. I could always delete them from the
> rule file, but other people will make the mistake of setting possible on some
> rules without studying the kernel code.
>
> What's people's thoughts on this?
I think if 'possible' no longer is needed, let's remove it. The only
reason I can think of for keeping it is if people want to have the
same rules file for RHEL4 as for RHEL5, in which case it could be
silently ignored or turned into a regular watch on a RHEL5 system.
- ljk
More information about the Linux-audit
mailing list