Re: audit 1.2.2 released

Hi, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit It will also be in rawhide tomorrow. The Changelog is: - Updates for new glibc-kernheaders - Change auditctl to collect list of rules then delete them on -D - Update capp.rules and lspp.rules to comment out rules for the possible list - Add new message types - Support sigusr1 sender identity of newer kernels - Add support for ppid in auditctl and ausearch - fix auditctl to trim the '/' from watches - Move audit daemon config files to /etc/audit for better SE Linux protection Beware ! This release has 2 changes to notice. It requires newer glibc-kernheaders and it moves the audit configuration files to the /etc/audit directory. The specfile should handle the transition gracefully. This release also supports new options in our current development kernels. It adds support for filtering by ppid and searching for ppid in the logs. It supports getting the signal info for senders of sigusr1. And completes the fix for listing or deleting large amounts of syscall rules. Watches that have a trailing '/' will now have it trimmed to make the kernel happier. 2 new message types were added AUDIT_DEV_ALLOC and AUDIT_DEV_DEALLOC for LSPP work. The capp & lspp rules were updated to not have "possible" as the list action. Please let me know if there are any problems with this release.