>> # This file contains the auditctl rules that are loaded >> # whenever the audit daemon is started via the initscripts. >> # The rules are simply the parameters that would be passed >> # to auditctl. >> >> # First rule - delete all >> -D >> >> # Increase the buffers to survive stress events. >> # Make this bigger for busy systems >> -b 320 >> >> # Feel free to add below this line. See auditctl man page >> >> -a exit,always -S chroot >> #-a exit,always -S chdir -F obj_type=dhclient_t > >I don't know the rule syntax, but just looking at the source, it appears >to me that the rule on line 15 is malformed (at least compared to the >others). All of those rules look fine for audit package > 1.3 and kernel probably > 2.6.21. But those rules are not default and would have taken some research to come up with since I know of no public examples of auditing by selinux context. -Steve __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
