[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] support for context based audit filtering



On Friday 10 March 2006 16:57, Amy Griffis wrote:
> You may want to audit_log a message indicating that the audit rules
> were updated due to policy reload.  And in the case when you remove a
> rule because you couldn't update it, you might want to log that too.

Do we really need to audit_log that? I would think that syslog is enough. We 
already have an event that a policy load occurred, can it be assumed that all 
these were updated? We do not do audit_log for other things that may or may 
not exist. For example, what if you put a rule in for uid=5000 when you meant 
500. The kernel does not say anything.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]