[PATCH] Auditd shutdown credentials
Chris Wright
chrisw at osdl.org
Wed Apr 27 21:56:14 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> On Wednesday 27 April 2005 16:36, Steve Grubb wrote:
> > > > + if (unlikely(audit_pid && t->pid == audit_pid)) {
> > > > + if (sig == SIGTERM || sig == SIGKILL) {
> >
> > > Any reason this should be unavailable when syscall auditing is off?
>
> I'm pretty sure I mis-read your question. Can you elaborate?
That code is not compiled when CONFIG_AUDITSYSCALL=n. When I wrote that,
I didn't think syscall auditing would be requirement for this feature
(but, then again in that case the audit_context is non-existant, and
the loginuid is not there, and the whole point of this thing is perhaps
moot...)
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
More information about the Linux-audit
mailing list