Re: audit 0.6 release

On Thursday 06 January 2005 17:30, Casey Schaufler wrote: I think he was asking for a clue as to what the auditctl syntax might be. While all of this discussion is good background information, I don't think it helps the immediate problem. There has to be a way for people to easily do this or we need to fix the framework. Leigh's right...this does go back to the vfs discussion. FWIW, this is the code for the rule matcher so you can get an idea of what its current capabilities are: http://lxr.linux.no/source/kernel/auditsc.c?v=2.6.8.1#L288 So I think the correct answer for Tom is that people are working on providing the kernel pieces to make this work? The audit framework is still a work in progress. Both the kernel side and user space side. -Steve Grubb