Why is syscall auditing on with no rules?

[Andi Kleen]

Andy Lutomirski <luto at amacapital.net> writes:

> On a stock Fedora installation:
>
> $ sudo auditctl -l
> No rules

I noticed the same recently on a recent opensuse. kauditd is running,
even though I uninstalled all audit related userland long before. I'm sure
the evil "make syscalls slow" flag is set too.

-Andi

-- 
ak at linux.intel.com -- Speaking for myself only