Why doesn't this rule block syscall records?

[Steve Grubb]

On Friday 13 July 2007 09:26:48 am Steve Grubb wrote:
> OK, had to double check this. I think you are OK because the miscompare was
> bz 196233 which appears to have been fixed in -42. The current release,
> though, is -55 which has another important audit fix in it. The rule
> comparison is done by the kernel, so that is what matters.

Sorry, re-reading bz, it was fixed in U5. Please try that kernel.

-Steve