From: Linda Knippers
Subject: Re: RFC deprecating the possible action
Date: Mon, 10 Apr 2006 15:55:02 -0400
Message-ID: <443AB816.7010505@hp.com>
References: <200604101505.57763.sgrubb@redhat.com>
In-Reply-To: <200604101505.57763.sgrubb@redhat.com>
To: Steve Grubb
Cc: Linux Audit
List-Id: linux-audit@redhat.com

Steve Grubb wrote:
> We currently have 5 syscall rules in the capp.rules file and lspp.rules file
> that would be eliminated by this change. I could always delete them from the
> rule file, but other people will make the mistake of setting possible on some
> rules without studying the kernel code.
>
> What's people's thoughts on this?

I think if 'possible' no longer is needed, let's remove it. The only reason I can think of for keeping it is if people want to have the same rules file for RHEL4 as for RHEL5, in which case it could be silently ignored or turned into a regular watch on a RHEL5 system.

- ljk