Re: Getting the program name in audit messages
On Friday 01 April 2005 09:34, Stephen Smalley wrote:
Ok, if you think that this is a real concern, and given that syscall
auditing is presently disabled by default (requires explicit audit=1
kernel boot parameter or auditctl -e 1 to enable),
Yes, this was a concern since it possibly changed the behavior of deployed
systems (RHEL4, FC3).
possibly we should drop the patch to avc_audit for now while still
adding it
to audit_log_exit.
If we go this route, I'd like to push my original patch to get comm and
syscall information in the avc messages. Dan has been wanting an improvement
in that area for quite a while.
-Steve