On Thu, 2006-03-16 at 13:29 -0500, Jason Baron wrote:
right, this is the the crux of the issue, whether or not the syscall
'partial' provides value for selinux or some other subsystem. If yes, then
the patch might be a good idea.
Better to just a) allow people to cleanly disable syscall auditing
without impacting anything else if they don't want it at all, and b)
optimize the actual syscall audit processing so that it doesn't impose
such an overhead that people feel compelled to disable it.
--
Stephen Smalley
National Security Agency