Re: [PATCH] audit: file system auditing based on location and name
> [foo@liltux /]$ cat /etc/shadow
> cat: /etc/shadow: Permission denied
Additionally, the apps would need to either be rewritten to create
the files under the audited context, or policy would have to cause all
files created by those apps to be under the audited context. Neither
one of those options is satisfactory
why not?
If your /etc/shadow has no selinux context you've lost already :0