On Fri, Jun 07, 2013 at 08:38:56PM +0200, Miloslav Trmač wrote: > On Fri, Jun 7, 2013 at 8:29 PM, Matthew Garrett <mj...@srcf.ucam.org> wrote: > > So why not add a mechanism to permit applications to indicate that > > certain accesses they make should be ignored by audit? > > Because it would be primarily useful to the attackers' applications. > Or am I missing something? (BTW, audit already has something like > "dontaudit" rules. But it has limited information to work with.)
If the attacker has root then the attacker can just change the file permissions anyway? -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
