What is expected: exclude action on the never list?

Steve Grubb sgrubb at redhat.com
Tue May 30 21:12:50 UTC 2006


On Tuesday 30 May 2006 16:45, Michael C Thompson wrote:
> I would read the second rule as saying "do not exclude messages of type
> SYSCALL". Is this a correct interpretation of the rule?

That sounds reasonable, but I don't think that's what the kernel does. Maybe
it should be corrected. I think it's a 1 or 2 liner.

-Steve



