Steve Grubb wrote: [Wed Feb 14 2007, 02:04:07PM EST] > On Wednesday 14 February 2007 13:24:31 Amy Griffis wrote: > > Add a syscall class for sending signals. > > The intent of the syscall classes had been to make an update independent way > of being able to specify audit rules for filesystem auditing where new > syscalls could be added.
Yeah, I know I used it in a different way from the original purpose. But I think this is still a valid use... When we are adding or removing a rule, we need a way to determine if the rule specified one of the syscalls for sending signals. > I don't know if this grouping would be useful in practice. <shrug> Yeah I wasn't sure either, so I didn't add the filtering part. > What I have been thinking about is a grouping for delete and close. > That would align with requirements on security standards people have > to meet. Makes sense. Do you think we're in danger of running out of slots for syscall classes? Amy -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
