On Fri, Jun 07, 2013 at 08:38:56PM +0200, Miloslav Trmač wrote: > On Fri, Jun 7, 2013 at 8:29 PM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > > So why not add a mechanism to permit applications to indicate that > > certain accesses they make should be ignored by audit? > > Because it would be primarily useful to the attackers' applications. > Or am I missing something? (BTW, audit already has something like > "dontaudit" rules. But it has limited information to work with.) If the attacker has root then the attacker can just change the file permissions anyway? -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
