On Mon, 2009-11-09 at 16:10 +0100, Miloslav Trmač wrote: > From: Miloslav Trmac <[email protected]> > > Add support for matching by security label (e.g. SELinux context) of > the sender of an user-space audit record. > > The audit filter code already allows user space to configure such > filters, but they were ignored during evaluation. This patch implements > evaluation of these filters. > > For example, after application of this patch, PAM authentication logs > caused by cron can be disabled using > auditctl -a user,never -F subj_type=crond_t > > Signed-off-by: Miloslav Trmac <[email protected]>
I wish there was a way to stop sending these instead of dropping them later, but the functionality itself is not a horrid idea and this isn't a performance hot list (like the syscall list) so..... Acked-by: Eric Paris <[email protected]> (I actually talked to Al about it already and he'll queue it up for the next merge window) -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
