[PATCH] new audit rule interface
Steve Grubb
sgrubb at redhat.com
Thu Jan 5 22:20:40 UTC 2006
On Wednesday 21 December 2005 19:08, Amy Griffis wrote:
> +#define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
> +#define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */
> +#define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */
You'll also need to patch security/selinux/nlmsg_tab.c sb
{ AUDIT_ADD_RULE, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
{ AUDIT_DEL_RULE, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
{ AUDIT_LIST_RULES, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV },
Thanks,
-Steve
More information about the Linux-audit
mailing list