I'm trying to find a way to quickly determine if auditing is enabled and it looks like the only real way to do that is to declare audit_enabled as an extern and check the variable directly. Is there some interface for this that I am missing? -- paul moore linux security @ hp