Joshua Brindle wrote:
Add libaudit support for adding directory watch rules.
Add rule parsing support to auditd.
Rule format matches auditctl. Currently only supports -w and -e.
One strange thing about this is that after auditd sets a rule there will
be a response that is type=2 msg=<insert garbage here>.
As far as I can tell the acknowledgement for setting the rule is coming
well after the call and is being interpreted as a normal message. Since
netlink is asynchronous this is expected, but I don't know how the Red
Hat audit is handling it, and I'm avoiding looking at that code other
than to match APIs.
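Added example, not part of the original message or the patch it describes: in Linux netlink, message type 2 is NLMSG_ERROR, and a reply of that type whose error field is 0 is the kernel's acknowledgement of a request sent with NLM_F_ACK. The C code below classifies one message read from the audit socket so that such a reply is not logged as an audit record; `classify_reply`, `make_msg` and the sample message are hypothetical names and constructed data.

```c
#include <linux/netlink.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum reply_kind { REPLY_MALFORMED, REPLY_ACK, REPLY_ERROR, REPLY_OTHER_SEQ, REPLY_RECORD };

/* Hypothetical helper: classify one netlink message read from the audit socket.
 * expect_seq is the nlmsg_seq of the rule request that was just sent. */
enum reply_kind classify_reply(const void *buf, size_t len, uint32_t expect_seq, int *errno_out)
{
    struct nlmsghdr nlh;
    struct nlmsgerr err;
    if (len < sizeof(nlh))
        return REPLY_MALFORMED;
    memcpy(&nlh, buf, sizeof(nlh));
    if (nlh.nlmsg_len < sizeof(nlh) || nlh.nlmsg_len > len)
        return REPLY_MALFORMED;
    if (nlh.nlmsg_type != NLMSG_ERROR)          /* anything but type 2 is a normal record */
        return REPLY_RECORD;
    if (nlh.nlmsg_len < NLMSG_LENGTH(sizeof(err)))
        return REPLY_MALFORMED;
    /* The payload is binary: an int error code plus a copy of the request header. */
    memcpy(&err, (const char *)buf + NLMSG_HDRLEN, sizeof(err));
    if (err.msg.nlmsg_seq != expect_seq)        /* reply to some other request */
        return REPLY_OTHER_SEQ;
    *errno_out = -err.error;                    /* kernel reports errors as -errno */
    return err.error == 0 ? REPLY_ACK : REPLY_ERROR;
}

/* Build a constructed sample message (not captured traffic) for the demo. */
size_t make_msg(void *buf, uint16_t type, uint32_t seq, int error)
{
    struct nlmsghdr nlh = { .nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr)), .nlmsg_type = type };
    struct nlmsgerr err = { .error = error, .msg = { .nlmsg_seq = seq } };
    memcpy(buf, &nlh, sizeof(nlh));
    memcpy((char *)buf + NLMSG_HDRLEN, &err, sizeof(err));
    return nlh.nlmsg_len;
}

int main(void)
{
    unsigned char buf[64];
    int e = -1;
    size_t n = make_msg(buf, NLMSG_ERROR, 7, 0);   /* constructed ACK for request seq 7 */
    enum reply_kind k = classify_reply(buf, n, 7, &e);
    printf("kind=%d (REPLY_ACK=%d) errno=%d\n", k, REPLY_ACK, e);
    return 0;
}
```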