Michael C Thompson wrote: > Below is a patch which will cause auditctl to report that exclude,never > is a meaningless rule construct. This patch was written as it was deemed > that exclude,never does not make sense based on the man-pages, and that > exclude,always and exclude,never are functionality equivalent.
While the word "always" makes more sense than the word "never", the description of "always" in the manpage is confusing when applied to the "exclude" list, since "always" means to always generate an audit record. Maybe "exclude" doesn't need an action as sort of an action itself. Or maybe the text for "always" should be updated to describe what it means for different lists. -- ljk -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
