hi,

     Here there is a question ,and please help me .
     my work is that when user input "getfacl" or "setfacl", whatever success or failed,
the process of auditd can log this operation and the operation type is AUDIT_DAC_CHECHK that is defined in libaudit.h .
     In order to reach the destination ,i modified the codes in the packets of acl-2.2.39 and audit-1.7.7 .
     Firstly ,i added the function audit_log_acct_message()  in the file of getfacl.c and setfacl.c in the audited place and
the function audit_log_acct_message() is in file audit_logging.c of the audit-1.7.7.
     Secondly, i make the the project of  acl and the result is ok .And i run the object file of getfacl.
When the user is root,the audit message of getfacl operation can be logged.But when the user is normal user,the audit message cann't
be logged. The VAR "errno" v! alue is "Operation not permitted".when i execute the command "chmod u+s getfacl" as root. and then
the audit message of getfacl operation can be logged au normal user.

     how i can reslove the problem that when normal user and normal authority execute the command "getfacl" ,the audit system still can log the operation?????  
   
   thank you very much. i am looking forward to your reply!!!
  
  
                                                           tianyong