On Tue, 2010-11-23 at 13:50 +0100, Miloslav Trmač wrote: > Collect audited crypto operations in a list, because a single _exit() > can cause several AF_ALG sockets to be closed, and each needs to be > audited. > > Add the AUDIT_CRYPTO_OP field so that crypto operations are not audited > by default, but auditing can be enabled using a rule (probably > "-F crypto_op!=0").
Just an implementation question, why a new list instead of finding a way to reuse struct audit_aux_data? -Eric -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
