watch structure
Timothy R. Chavez
tinytim at us.ibm.com
Mon Apr 4 22:03:01 UTC 2005
On Monday 04 April 2005 04:50 pm, Steve Grubb wrote:
<snip>
>
> > Also, I wouldn't recommend wasting so much space by statically allocating
> > 4096 (or whatever MAX_PATH happens to be) for each name... considering
> > any file we're interested in auditing is unlikely to be MAX_PATH or even
> > close to MAX_PATH. Space is more valuable in the kernel, both on the
> > stack and in memory, then it is in user space.
>
> Right, but this is just for transit. Once inside the kernel it can be put
> into a memory area that is as long as strlen - which is what's done
> currently.
Sure, this would require two seperate structures. I'll do this.
>
> > And the memory should already be copied into the kernel by the time the
> > process ends.
>
> What guarantees that? netlink receive is asynchronous.
I suppose we should be waiting for a reply from the kernel. Anyway, if we
want to go the static structure approach, that's fine. I'll work on that
this week and we'll discuss the list feature a little more too.
-tim
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list