Change AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE
RH-steve-grubb committed Jun 4, 2018
1 parent 8601286 commit 0c74a61
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docs/audit_add_rule_data.3
Expand Up @@ -21,7 +21,7 @@ AUDIT_FILTER_TASK - Apply rule at task creation (not syscall). This is the task
AUDIT_FILTER_EXIT - Apply rule at syscall exit. This is the main filter that is used for syscalls and filesystem watches. Normally all syscall do not trigger events, so this is normally used to specify events that are of interest.
.TP
\(bu
AUDIT_FILTER_TYPE - Apply rule at audit_log_start. This is the exclude filter which discards any records that match. The action type is ignored for this filter, defaulting to "never".
AUDIT_FILTER_EXCLUDE - Apply rule at audit_log_start. This is the exclude filter which discards any records that match. The action type is ignored for this filter, defaulting to "never".
.LP
.TP
\(bu
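
Review bot: the renamed list item in docs/audit_add_rule_data.3 drops every mention of AUDIT_FILTER_TYPE, so a reader maintaining code or rules written against the old name will not find it in this list. Consider keeping a short pointer in the new entry, for example "AUDIT_FILTER_EXCLUDE (formerly AUDIT_FILTER_TYPE) - Apply rule at audit_log_start.", so the man page still maps the old constant to the exclude filter.
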
2 changes: 1 addition & 1 deletion docs/audit_set_enabled.3
Expand Up @@ -12,7 +12,7 @@ int audit_set_enabled (int fd, int enabled);
.PP
audit_set_enabled is used to control whether or not the audit system is active. When the audit system is enabled (enabled set to 1), every syscall will pass through the audit system to collect information and potentially trigger an event.

If the audit system is disabled (enabled set to 0), syscalls do not enter the audit system and no data is collected. There may be some events generated by MAC subsystems like SE Linux even though the audit system is disabled. It is possible to suppress those events, too, by adding an audit rule with flags set to AUDIT_FILTER_TYPE.
If the audit system is disabled (enabled set to 0), syscalls do not enter the audit system and no data is collected. There may be some events generated by MAC subsystems like SE Linux even though the audit system is disabled. It is possible to suppress those events, too, by adding an audit rule with flags set to AUDIT_FILTER_EXCLUDE

.SH "RETURN VALUE"

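
Review bot: the replacement sentence in docs/audit_set_enabled.3 ends at "flags set to AUDIT_FILTER_EXCLUDE" without the full stop that the removed line carried after AUDIT_FILTER_TYPE. Restore the trailing period so the paragraph is terminated before the RETURN VALUE section.
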