>All of those rules look fine for audit package > 1.3 and
> kernel probably > 2.6.21. But those rules are not default
> and would have taken some research to come up with
> since I know of no public examples of auditing by selinux
> context.
So what should line 15 look like today?
There is no line 15. The default audit rules are simply 14 lines ending with feel free to
add rules below this. And that is where all your problems are. The audit by obj_type would
have a very esoteric use and would encode knowledge of a specific selinux policy, so its
not something I'd ever ship by default - even in sample rules.
-Steve
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com