On Fri, 07.06.13 15:35, Steve Grubb (sgrubb@xxxxxxxxxx) wrote:

> On Friday, June 07, 2013 07:29:56 PM Matthew Garrett wrote:
> > On Fri, Jun 07, 2013 at 02:02:14PM -0400, Simo Sorce wrote:
> > > The point is that we are simply throwing ideas off the wall as an aid in
> > > finding a way to solve the issue for all.
> >
> > So why not add a mechanism to permit applications to indicate that
> > certain accesses they make should be ignored by audit?
>
> We've never needed an exception in the past. What I'm reporting is there is
> now a trend on the rise where apps are trying to open files that do not belong
> to them or open them not wanting the access time updated which attempts to
> bypass forensic time stamps.

This is hardly a "new trend" btw. PA has been doing this since about
forever and has been default since Fedora 8. Which is more than 5 years
ago.

Lennart

--
Lennart Poettering - Red Hat, Inc.