I am still seeing some problems with missing watch records ... here is
one scenario:
auditctl -w /tmp/file -k test-key (watch insert record generated)
touch /tmp/file (watch record generated)
echo "testing" > /tmp/file1 (NO record)
rm /tmp/file1 (NO record & kernel hangs)
It looks like the system hangs every time I attempt to remove a watched
file.
- Loulwa