* auditctl filter keyword: "path"
@ 2006-05-25 15:30 Michael C Thompson
2006-05-25 15:56 ` Michael C Thompson
0 siblings, 1 reply; 2+ messages in thread
From: Michael C Thompson @ 2006-05-25 15:30 UTC (permalink / raw)
To: Linux Audit, Steve Grubb
Hey Steve,
audit-1.2.2-2 seems to be having problems with the path filter word.
# auditctl -a exit,always -S open -F path=bfile
Error sending add rule request (Invalid argument)
# auditctl -a entry,always -S open -F path=bfile
Error sending add rule request (Invalid argument)
I'm on kernel 27... Any idea on why this would be failing?
Thanks,
Mike
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: auditctl filter keyword: "path"
2006-05-25 15:30 auditctl filter keyword: "path" Michael C Thompson
@ 2006-05-25 15:56 ` Michael C Thompson
0 siblings, 0 replies; 2+ messages in thread
From: Michael C Thompson @ 2006-05-25 15:56 UTC (permalink / raw)
To: Michael C Thompson; +Cc: Linux Audit
Michael C Thompson wrote:
> Hey Steve,
>
> audit-1.2.2-2 seems to be having problems with the path filter word.
>
> # auditctl -a exit,always -S open -F path=bfile
> Error sending add rule request (Invalid argument)
> # auditctl -a entry,always -S open -F path=bfile
> Error sending add rule request (Invalid argument)
Apparently path will not take relative path names... Would it be
desirable to augment the logic of auditctl to resolve the relative path
and convert it to an absolute path for rule inclusion? This is a
nice-to-have that admins will expect.
Thanks,
Mike
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-05-25 15:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-05-25 15:30 auditctl filter keyword: "path" Michael C Thompson
2006-05-25 15:56 ` Michael C Thompson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox