From fb1b1ab4dd10c1453c57b067e379ed37b5b91d13 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Thu, 9 Feb 2023 12:38:10 -0500 Subject: [PATCH] Update README since fanotify patch has been accepted --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 55c9a22d..dd6caed3 100644 --- a/README.md +++ b/README.md @@ -386,9 +386,10 @@ total file ``` However, you probably want to know the rule that is blocking it. Unfortunately -the audit system cannot tell you this. What you can do is change the decisions -to deny_log. This will write the event to syslog as well as the audit log. In -syslog, you will have the same output as the debug mode. +the audit system cannot tell you this unless you are using the 6.4 kernel or +later. What you can do is change the decisions to deny_log. This will write +the event to syslog as well as the audit log. In syslog, you will have the +same output as the debug mode. The shipped rules expect that everything installed is in the trust database. If you have installed anything by unzipping it or untarring it, then you need
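Review bot: In the added README.md lines of the hunk at -386,9 +386,10, the new qualifier "unless you are using the 6.4 kernel or later" runs straight into "What you can do is change the decisions to deny_log", so the paragraph no longer says who the workaround is for. Readers on 6.4 or later are also never told where the blocking rule appears in the audit event. Suggest scoping the deny_log sentence to older kernels (for example, "On older kernels, you can change the decisions to deny_log") and adding one sentence that says how to read the rule from the audit record on 6.4 or later. The sentence still opens with "Unfortunately", which reads oddly now that the limitation is conditional. The subject ties the change to the fanotify patch being accepted, but the README text gives only a kernel version; naming that dependency in the paragraph would let readers on distribution kernels with backports judge whether it applies to them.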