IMA refines security_audit_rule_init to security_filter_rule_init. I need to understand what, if any, relationship there is between IMA's use of the audit rule mechanisms and the audit system's use. Is this simple code reuse, or is there some interaction between IMA and audit? I'm trying to sort out the problem of audit rules when there are multiple security modules. It looks as if there is also a problem for integrity rules, but it looks different. The "easy" change for audit doesn't fit with what's in IMA. If there's no interaction between the IMA and audit use of the rule infrastructure it's reasonable to fix them separately. If there is interaction things get messy.
