Getting the program name in audit messages
Stephen Smalley
sds at tycho.nsa.gov
Fri Apr 1 13:42:17 UTC 2005
On Thu, 2005-03-31 at 16:30 -0500, Steve Grubb wrote:
> Hello,
>
> This topic has already been discussed on the SE Linux mail list. Because the
> attached patch affects the audit code, I want to put it out here for
> discussion as well. I started with a patch to put the program name into avc
> messages and Stephen Smalley changed the patch to put the processing in
> audit_log_exit.
BTW, I think we need to run the comm through audit_log_untrustedstring
or similar, and likewise for the path generated for the exe. Right?
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
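Added example, not part of the original message or of the patch under discussion: a user-space C sketch of why `comm` and the exe path need escaping before they land in an audit record. The helper `encode_untrusted()` and its rule (quote the value when every byte is plain printable ASCII, otherwise emit it as upper-case hex) are assumptions made for illustration, not the kernel's `audit_log_untrustedstring` itself.

```c
#include <stdio.h>
#include <string.h>

/* User-space sketch; encode_untrusted() is a hypothetical helper, not a kernel API. */

/* Nonzero if the value cannot be logged safely inside double quotes. */
static int needs_hex(const unsigned char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (s[i] == '"' || s[i] < 0x21 || s[i] > 0x7e)
            return 1;
    return 0;
}

/* Write the field value into out: "quoted" if plain, bare upper-case hex
 * otherwise. Returns 0 on success, -1 if out is too small. */
int encode_untrusted(const char *val, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    const unsigned char *s = (const unsigned char *)val;
    size_t len = strlen(val);

    if (!needs_hex(s, len)) {
        if (len + 3 > outsz)            /* two quotes plus NUL */
            return -1;
        snprintf(out, outsz, "\"%s\"", val);
        return 0;
    }
    if (len * 2 + 1 > outsz)
        return -1;
    for (size_t i = 0; i < len; i++) {
        out[2 * i] = hex[s[i] >> 4];
        out[2 * i + 1] = hex[s[i] & 0x0f];
    }
    out[len * 2] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample values: a plain comm and one carrying a newline
     * followed by text that would otherwise read as a separate record. */
    const char *samples[] = { "sshd", "a\ntype=AVC" };
    char buf[64];

    for (size_t i = 0; i < 2; i++)
        if (encode_untrusted(samples[i], buf, sizeof buf) == 0)
            printf("comm=%s\n", buf);
    return 0;
}
```

A log parser can tell the two forms apart by the leading quote: a quoted value is literal, an unquoted one is hex to be decoded.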