Re: exclude rule help
On Thursday 25 June 2009 06:01:08 pm LC Bruzenak wrote:
Anyone have a good idea of how to discard all these events? Ideally
the
caller would send in a self-generated event such as "ryncing rick/src2/
to /temp-home" or similar. This is for a dedicated file backup
procedure.
Obviously I do not want to discard all rsync events, just when launched
by our trusted program. Nor would I really want all that program's
events discarded since I want it to be able to submit proactive events
which summarize its behavior.
With SE Linux, you can create different subject types based on how the
application was started. Then you can exclude based on the type you assign to
your subject whenever started by your trusted program.
-Steve