On Mon, Oct 10, 2016 at 1:24 PM, Steve Grubb <[email protected]> wrote: > On Thursday, August 18, 2016 2:18:55 PM EDT Richard Guy Briggs wrote: >> loginuid_set support should have been added to userspace when it was >> added to the kernel around v3.10. Add it before we do similar for >> sessionID and sessionID_set. > > If this were accepted, how would this change writing rules? IOW, can you give > an example rule so we can see what this looks like?
We have a RFE feature page which documents some rule examples: * https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter -- paul moore security @ redhat -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
