On Sunday 21 October 2007, Steve G wrote:
[...]
>> # Feel free to add below this line. See auditctl man page
>>
>> -a exit,always -S chroot
>> #-a exit,always -S chdir -F obj_type=dhclient_t
>
>I don't know the rule syntax, but just looking at the source, it
appears
>to me that the rule on line 15 is malformed (at least compared to the
>others).
All of those rules look fine for audit package > 1.3 and kernel probably >
2.6.21. But those rules are not default and would have taken some research
to come up with since I know of no public examples of auditing by selinux
context.
So what should line 15 look like today?
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Mix a little foolishness with your serious plans; it's lovely to be silly
at the right moment.
-- Horace