[PATCH] support for context based audit filtering

Amy Griffis amy.griffis at hp.com
Fri Mar 10 21:57:17 UTC 2006


On Fri, Mar 10, 2006 at 02:52:51PM -0600, Darrel Goeddel wrote:
> I like 'em.  Here is a new patch that incorporates them.  It also 
> moves the initialization call to selinux into the audit_init
> function as you had suggested earlier.  Look right?

You may want to audit_log a message indicating that the audit rules
were updated due to policy reload.  And in the case when you remove a
rule because you couldn't update it, you might want to log that too.

Otherwise, looks good to me.



