[PATCH] (1/2) new audit filter allows excluding messages by type (kernel)

Timothy R. Chavez tinytim at us.ibm.com
Thu Nov 3 16:30:16 UTC 2005


On Thursday 03 November 2005 08:39, Steve Grubb wrote:
> On Thursday 03 November 2005 08:58, Amy Griffis wrote:
> > What about someone running a kernel without CONFIG_AUDITSYSCALL?  With
> > this implementation, they wouldn't be able to use this filtering at
> > all.  That doesn't make any sense, since filtering audit record types
> > is inherently unrelated to syscalls.  This filtering applies to audit
> > in general, so it should live entirely in audit.c.  
> 
> It might be tricky to untangle. I think it uses functions that only live in 
> that file. I think it's worth looking into, though.
> 
> -Steve
> 

This shortcoming also appears with user message filtering.  Right?

-tim



