auditing syscalls made 'by' an inode?
Peter Moody
pmoody at google.com
Fri Jun 8 15:36:38 UTC 2012
On Fri, Jun 8, 2012 at 7:49 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> On thing you could do would be to write a simple SELinux domain, like
> auditproc_t and have unconfined_t transition to it using runcon.
True, but this requires running selinux, which despite all of the
excellent work you guys have put into making that easy (easier), is
still a non-starter for some people.
Cheers,
peter
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038
More information about the Linux-audit
mailing list