Re: [PATCH] auditfs updates to .46
On Thursday 26 May 2005 07:55, David Woodhouse wrote:
This means that tasks with an audit context will get their actions
logged when they touch a watched inode, but actions performed by tasks
_without_ an audit context will not by logged.
This seems like a source of unintended error. How do we let the system admin
know that they've lost events because they needed to specify possible? Could
an audit context be created on demand? The fact that it's a watched inode
would indicate that auditing is intended.
-Steve