Steve Grubb wrote: [Wed May 17 2006, 08:42:57AM EDT] > On Tuesday 16 May 2006 18:51, Lisa Smith wrote: > > Instead of introducing a new user space tunable to determine how to > > handle an audit failure, what if we used the kernel's audit_failure > > variable that already exists? > > What if syscall audit is not compiled into the kernel? Would that map to > ignore?
The userspace programs shouldn't require syscall audit. But if the kernel was built without CONFIG_AUDIT, I think ignore would be appropriate, and would also follow what the trusted programs are currently doing. -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
