--- [EMAIL PROTECTED] wrote:
> On Wed, 27 Sep 2006 18:18:45 EDT, Linda Knippers > said: > > > > I would think so. I'm not exactly sure how you'd > specify the file system > > you want. Is the major/minor pair? > > What's the major/minor for /proc? You should be able to get that from the audit record generated by an operation if you decided to audit /proc/<something> and then attempt an illegel access. I wouldn't be too surprised if the value reported is uninformative. The dev number is in the audit record for file access, right? > (or any other pseudo file system that one might want > to put a watch on). If the "device" is not meaningfull there ought to be something useful in the superblock. > (And am I going to get a brick lobbed at me if I say > "unionfs"? :) A half-brick. They have better range. Casey Schaufler [EMAIL PROTECTED] -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
