[redhat-lspp] lspp.8 kernel released
Klaus Weidner
klaus at atsec.com
Wed Feb 15 20:14:01 UTC 2006
On Wed, Feb 15, 2006 at 01:38:33PM -0500, Steve Grubb wrote:
> On Wednesday 15 February 2006 12:52, Klaus Weidner wrote:
> > I wasn't able to add filesystem watches - "auditctl -w /tmp/q" produces
> > the message "error sending watch insert request (Invalid argument)", and
> > "auditctl -l" claims "File system watches not supported". This is using
> > audit-1.1.4-5.1; do I need a different tool?
>
> That version of audit does not support the new message types yet. So it won't
> work. Maybe Amy has a hacked version of auditctl that she was using that you
> can test with? I might start adding some support soon.
Ok, I found the message on linux-audit from Nov 2 where Amy and you were
discussing the new -F path=/tmp/foo filter, but I haven't seen any audit
userspace patches.

Amy, do you have a patch for auditctl you could forward to Steve?
> > Other than this I haven't noticed any obvious changes in behavior; "su"
> > is still broken but I guess that's a policy issue.
>
> Do you still get the Oops?
I don't, see my previous message ;-)
% I just tried it - the "idr_remove called for id=1 which is not allocated"
% messages on SSH logins are gone now.
-Klaus