reporting loginuid on AUDIT_USER message
David Woodhouse
dwmw2 at infradead.org
Fri Jan 14 18:00:23 UTC 2005
On Fri, 2005-01-14 at 13:10 -0600, Serge Hallyn wrote:
> Do we have a preference? (1) is the most invasive, and would require
> going through netdev, but seems the cleanest to me. On the other hand,
> we could just say we're going with (3) as a way to put off having to
> make a decision...
Am I right in thinking that option 1 is the only one which guarantees
that the loginuid is correct, and not taken from a later task which
happens to have the same pid? That narrows the field of acceptable
options a little.
Do we have to hack netlink though? Can't we include the loginuid in the
messages we send via netlink instead? Or was that what you meant by
option 3?
--
dwmw2
More information about the Linux-audit
mailing list