On Tue, 2005-03-15 at 11:51 -0600, Timothy R. Chavez wrote:
> Hmmm,
> I'm getting this now too:
> ./auditctl -w /audit/foo
> Error sending netlink packet (Connection refused)

Hmmm...that isn't what I get. With a patched 2.6.11 kernel and 0.6.7
auditctl, I see:

# ./auditctl -w /etc/shadow
Error sending netlink packet (Invalid argument)
Error sending rule to kernel
# ./auditctl -e 1
AUDIT_STATUS: enabled=1 flag=1 pid=0 rate_limit=0 backlog_limit=64 lost=0 backlog=0

I added printks to the kernel audit code, and I see them when I do the
auditctl -e, but not when I try the auditctl -w, so it seems like it
isn't even reaching audit_receive(), i.e. malformed netlink packet?
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency