On Tue, Nov 24, 2015 at 8:58 AM, Boyce, Kevin P (AS) <[email protected]> wrote: > Having never looked at the code, it sounds reasonable to me. It doesn't make > a lot of sense to disable syscall auditing independently.
I'd be very surprised to hear if anyone is running audit *without* syscall auditing, but I thought I would toss the question out there on the off chance I'm missing some critical use case. > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Paul Moore > Sent: Monday, November 23, 2015 5:43 PM > To: [email protected] > Subject: EXT :Fold CONFIG_AUDITSYSCALL into CONFIG_AUDIT? > > Does anyone out there build kernels with CONFIG_AUDIT=y and > CONFIG_AUDITSYSCALL=n? I'm thinking of simply removing the > CONFIG_AUDITSYSCALL knob and moving all that code under CONFIG_AUDIT, does > anyone have any objections? -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
