[redhat-lspp] RFC: Possible Audit Failure Design Change

Amy Griffis amy.griffis at hp.com
Wed May 17 14:56:38 UTC 2006


Steve Grubb wrote:     [Wed May 17 2006, 08:42:57AM EDT]
> On Tuesday 16 May 2006 18:51, Lisa Smith wrote:
> > Instead of introducing a new user space tunable to determine how to
> > handle an audit failure, what if we used the kernel's audit_failure
> > variable that already exists?  
> 
> What if syscall audit is not compiled into the kernel? Would that map to 
> ignore?

The userspace programs shouldn't require syscall audit.  But if the
kernel was built without CONFIG_AUDIT, I think ignore would be
appropriate, and would also follow what the trusted programs are
currently doing.




More information about the redhat-lspp mailing list