On Thu, 2016-12-29 at 10:53 -0800, Rick Stevens wrote: > > Which seems to indicate that the boolean is already set, but the audit > > flood continues. > > Ok, yeah, that's what I've got. > > As to the auditctl line, the "exe=" clause can only be used on the > "exit" list. I think what you want is: > > sudo auditctl -a exit,never -F exe=/opt/google/chrome/chrome > > e.g. "append a rule to the exit list so that it never generates an > audit record for that executable".
I think you're right, though it requires a close reading of the man page to understand this. Anyway I've enabled it in the audit rules and so far it seems to work. Thanks. poc _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
