Skip to content

Commit

Permalink
add documentation for filesystem filter
Browse files Browse the repository at this point in the history
  • Loading branch information
@RH-steve-grubb
RH-steve-grubb committed Feb 27, 2019
1 parent d579a08 commit d696c09
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions docs/auditctl.8
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,9 @@ Add a rule to the user message filter list. This list is used by the kernel to f
.TP
.B exclude
Add a rule to the event type exclusion filter list. This list is used to filter events that you do not want to see. For example, if you do not want to see any avc messages, you would using this list to record that. Events can be excluded by process ID, user ID, group ID, login user ID, message type, subject context, or executable name. The action is ignored and uses its default of "never".
.TP
.B filesystem
Add a rule that will be applied to a whole filesystem. The filesystem must be identified with a fstype field. Normally this filter is used to exclude any events for a whole filesystem such as tracefs or debugfs.
.RE

The following describes the valid \fIactions\fP for the rule:
Expand Down

0 comments on commit d696c09

Please sign in to comment.