On Tuesday, June 11, 2013 04:04:54 PM LC Bruzenak wrote:
> I was playing with audit rules using keys with spaces.
> Is the following expected (ignore the logic; was just testing the returns)?
>
> # auditctl -l -k lsmod
> LIST_RULES: exit,always watch=/sbin/lsmod perm=x key=lsmod kernel
> LIST_RULE
Hey Steve,
I was expecting it to not match the one with the spaces.
I can live with any answer; either disallowing spaces or allowing spaces
and matching exactly, or (less desirable) even if it is desired to match
the first occurrence of the string and it is noted as such in the man page.
The rea
On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote:
> On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
> > This patchset is first part of namespace support for audit.
> > in this patchset, the mainly resources of audit system have
> > been isolated. the audit filter, rules havn't be
On 06/20/2013 04:51 AM, Eric Paris wrote:
> On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote:
>> On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
>>> This patchset is first part of namespace support for audit.
>>> in this patchset, the mainly resources of audit system have
>>> bee
On 06/20/2013 11:02 AM, Gao feng wrote:
> If we don't tie audit to user namespace, there is still one problem.
One more problem. some audit messages are generated by some net subsystem
such as netfilter. If we don't tie audit to user namespace, we have no
idea where these audit messages should go.
On 06/20/2013 05:03 AM, Eric W. Biederman wrote:
> Eric Paris writes:
>
>> On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote:
>>> On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
This patchset is first part of namespace support for audit.
in this patchset, the mainly re
