Re: auditing syscalls made 'by' an inode?
On Fri, Jun 8, 2012 at 7:49 AM, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
On thing you could do would be to write a simple SELinux domain,
like
auditproc_t and have unconfined_t transition to it using runcon.
True, but this requires running selinux, which despite all of the
excellent work you guys have put into making that easy (easier), is
still a non-starter for some people.
Cheers,
peter
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038