[PATCH] Add audit uid to netlink credentials
Chad Hanson
chanson at TrustedCS.com
Thu Feb 10 15:16:21 UTC 2005
David Woodhouse wrote:
>
> Perhaps I misunderstand the intent of userspace AUDIT_WRITE. Can you
> provide examples of why you _wouldn't_ want to let a dæmon which is
> already sending random unvetted AUDIT_WRITE messages also specify the
> loginuid on _those_ messages?
The loginuid is part of the process state. This is the reason you do not
want to write out this information from a userspace application, as the
process state portions of the audit record are recorded by the kernel.
-Chad
More information about the Linux-audit
mailing list