watch structure
Stephen Smalley
sds at tycho.nsa.gov
Tue Apr 5 14:06:54 UTC 2005
On Tue, 2005-04-05 at 07:00 -0700, Casey Schaufler wrote:
> --- Stephen Smalley <sds at tycho.nsa.gov> wrote:
>
> > The structure could just define the length and perms
> > fields, then put a
> > char buf[0]; at the end to allow referencing of
> > watch->buf, and just
> > include the two strings immediately after the
> > structure when creating
> > it. Kernel can then extract them appropriately
> > based on the lengths.
> > No need to reserve fixed size fields for them.
>
> That would require two copyins, one to get the
> lengths and another to get the "buf". Not that
> that's necessarily a stopper, but I had assumed
> the goal was a one-shot interface.
No, the whole thing is sent as a single buffer that is copied into the
kernel once. buf[0] at the end of a structure is common practice to
reference data stuffed directly at the end of the structure.
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the Linux-audit
mailing list