Re: [PATCH] (1/2) new audit filter allows excluding messages by type (kernel)
On Thursday 03 November 2005 08:58, Amy Griffis wrote:
What about someone running a kernel without CONFIG_AUDITSYSCALL?
With
this implementation, they wouldn't be able to use this filtering at
all. That doesn't make any sense, since filtering audit record types
is inherently unrelated to syscalls. This filtering applies to audit
in general, so it should live entirely in audit.c.
It might be tricky to untangle. I think it uses functions that only live in
that file. I think its worth looking into, though.
-Steve