On Fri, 8 Nov 2019 13:39:58 -0700
"John T Olson" wrote:
> Greetings,
>
> I have the following 2 audit rules set up:
>
> -a always,exit -F arch=b64 -S all -F exit=-EACCES -F dir=/gpfs/fs1
> -a always,exit -F arch=b64 -S all -F exit=-EPERM -F dir=/gpfs/fs1
>
> I have a directory structure like t
Greetings,
I have the following 2 audit rules set up:
-a always,exit -F arch=b64 -S all -F exit=-EACCES -F dir=/gpfs/fs1
-a always,exit -F arch=b64 -S all -F exit=-EPERM -F dir=/gpfs/fs1
I have a directory structure like the following:
(13:15:26) zippleback-vm1:~ # ls -la /gpfs/fs1/test/
tota
On Fri, Oct 25, 2019 at 5:00 PM Richard Guy Briggs wrote:
> On 2019-10-10 20:38, Paul Moore wrote:
> > On Wed, Sep 18, 2019 at 9:24 PM Richard Guy Briggs wrote:
> > > Store the audit container identifier in a refcounted kernel object that
> > > is added to the master list of audit container ident
On Thu, Oct 24, 2019 at 5:23 PM Richard Guy Briggs wrote:
> On 2019-10-10 20:38, Paul Moore wrote:
> > On Fri, Sep 27, 2019 at 8:52 AM Neil Horman wrote:
> > > On Wed, Sep 18, 2019 at 09:22:23PM -0400, Richard Guy Briggs wrote:
> > > > Set an arbitrary limit on the number of audit container ident
On Fri, Oct 25, 2019 at 3:20 PM Richard Guy Briggs wrote:
> On 2019-10-10 20:39, Paul Moore wrote:
> > On Wed, Sep 18, 2019 at 9:25 PM Richard Guy Briggs wrote:
> > > Add audit container identifier support to the action of signalling the
> > > audit daemon.
> > >
> > > Since this would need to ad