On Wednesday 20 April 2005 22:20, Klaus Weidner wrote:
On Wed, Apr 20, 2005 at 05:51:26PM -0400, Steve Grubb wrote:
> This release features a new program autrace. It works similar to strace.
> You give it a program to execute with parameters and it: clears the audit
> rules, generates a rule to audit all syscalls for that program, and
> executes the program. When the program ends, it clears the rules.
Hmm, that sounds rather destructive for a harmless-sounding utility. So
if an admin uses autrace to debug something, that has the side effect of
switching off audit for the entire system?
Perhaps we can invent per-process "rulespaces" :-)?
-tim