On Wednesday 17 May 2006 12:39, Amy Griffis wrote: > Looking through the code, I see that audit_getname, audit_inode and > friends do both checks, while the other aux data collectors only check > !context. Looks like someone should add the second check for those > also (except maybe audit_avc_path).
I think this was going to be done when the hook functions were changed to an inline function that checks if audit is enabled before doing the real function call. > IIRC, we want the avc path records even when syscall auditing is disabled. True. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
