[userspace PATCH v2 0/2] Add support for loginuid_set
Steve Grubb
sgrubb at redhat.com
Tue Oct 11 16:40:55 UTC 2016
On Monday, October 10, 2016 5:10:39 PM EDT Paul Moore wrote:
> On Mon, Oct 10, 2016 at 1:24 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> > On Thursday, August 18, 2016 2:18:55 PM EDT Richard Guy Briggs wrote:
> >> loginuid_set support should have been added to userspace when it was
> >> added to the kernel around v3.10. Add it before we do similar for
> >> sessionID and sessionID_set.
> >
> > If this were accepted, how would this change writing rules? IOW, can you
> > give an example rule so we can see what this looks like?
>
> We have a RFE feature page which documents some rule examples:
>
> *
> https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter
OK, thanks. This is helpful. So, what is the difference between these rules?
-a always,exit -F path=/tmp/sessionid_test -F loginuid=-1
-a always,exit -F path=/tmp/sessionid_set_test -F loginuid_set=0
-Steve
More information about the Linux-audit
mailing list