Re: [PATCH] audit keys: support for multiple audit keys
On Friday 12 March 2010 02:44:22 am Juraj Hlista wrote:
An audit rule can have more than 1 key, the keys can be of
different types (only AUDIT_FILTERKEY for now)
We discussed this about 2 years ago and came up with this solution:
https://www.redhat.com/archives/linux-audit/2008-March/msg00125.html
For example, it is possible to create a rule such as:
auditctl -a exit,always -F path=/file -F key=k1 -F key=k2 -F key=k3
Any audit package since 1.7 supports this syntax already. What does this patch
provide that we don't already have? IOW, we already solved this problem 2
years ago, I am wondering if you knew we already can do this?
-Steve