Fwd: Re: Fw: Audit records for start/stop auditd
Steve Grubb
sgrubb at redhat.com
Wed Apr 6 14:21:14 UTC 2005
On Wednesday 06 April 2005 09:59, Steve Grubb wrote:
> > Chris and I looked at this and discussed the possibility of adding a
> > check in security_task_kill()
OK, extending siginfo_t might be problematic. What about adding SA_AUDITINFO
to sigaction?
sigauditinfo_t {
int si_signo; /* Signal number */
int si_errno; /* An errno value */
int si_code; /* Signal code */
pid_t si_pid; /* Sending process ID */
uid_t si_uid; /* Real user ID of sending process */
uid_t si_luid /* Login ID of sending process */
int si_status; /* Exit value or signal */
sigval_t si_value; /* Signal value */
int si_int; /* POSIX.1b signal */
void * si_ptr; /* POSIX.1b signal */
}
Maybe other things for lspp/selinux, too?
-Steve
More information about the Linux-audit
mailing list