[RFC][PATCH] (#7U2) [linux-2.6.12-rc2-mm1] file system auditing
Stephen Smalley
sds at tycho.nsa.gov
Mon Apr 25 19:35:18 UTC 2005
On Sat, 2005-04-23 at 05:09 +0000, Timothy R. Chavez wrote:
> Hello,
>
> This is an updated patch with the spinlock correctly defined. I'm assuming
> both oops Stephen reported were the same one (since the spinlock would be
> used in both cases).
Yes, and this patch corrects that problem. I verified that after
running:
auditctl -e 1
auditctl -w /etc/shadow -k SHADOW -p w
subsequently running 'passwd' to change my own password multiple times
correctly generated multiple audit records (for the rename(2) call).
I also tried running 'vipw' as an admin, which generated a series of
audit messages (for an access(2) call, a link(2) call, and the rename(2)
call).
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the Linux-audit
mailing list