[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] Disable from user-space the addition of an exclude, never rule



Michael C Thompson wrote:
> Below is a patch which will cause auditctl to report that exclude,never
> is a meaningless rule construct. This patch was written as it was deemed
> that exclude,never does not make sense based on the man-pages, and that
> exclude,always and exclude,never are functionality equivalent.

While the word "always" makes more sense than the word "never", the
description of "always" in the manpage is confusing when applied
to the "exclude" list, since "always" means to always generate
an audit record.  Maybe "exclude" doesn't need an action as sort
of an action itself.  Or maybe the text for "always" should be
updated to describe what it means for different lists.

-- ljk


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]