[PATCH] LOGIN message credentials
Chris Wright
chrisw at osdl.org
Mon Apr 25 16:45:14 UTC 2005
* Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) wrote:
> On Mon, 25 Apr 2005 12:29:31 EDT, Steve Grubb said:
> > On Monday 25 April 2005 12:22, Valdis.Kletnieks at vt.edu wrote:
> > > OK.. I'll bite - why wasn't audit_get_context called?
> >
> > Because this normally happens at login. The login process may not be audited
> > depending on the rules.
>
> Hmm.. OK... Let me go and get my brain wrapped around the idea of an audit
> requirement that doesn't audit logins.. :)
It's an odd case. The audit context doesn't necessarily need to be
complete in the sense of syscall audit. audit_get_context fills out all
those extra bits (auditable, return_code, etc). In this case, the
loginuid msg is almost like a status message from the audit system
itself. Perhaps the api is a bit odd for this case, and some refactoring
could be done...
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
More information about the Linux-audit
mailing list