[PATCH] enable /proc/$$/loginuid
Timothy R. Chavez
chavezt at gmail.com
Mon Jan 17 19:28:24 UTC 2005
On Mon, 17 Jan 2005 11:10:29 -0800 (PST), Casey Schaufler
<casey at schaufler-ca.com> wrote:
>
> --- "Timothy R. Chavez" <chavezt at gmail.com> wrote:
>
> > ... Better to
> > do this filtering
> > in userspace via a daemon then in the kernel. We
> > should keep the
> > in-kernel audit subsystem as small and efficient as
> > possible.
> > Anything that can be delegated to userspace should
> > be delegated to
> > userspace.
>
> For this scheme to work the kernel has to
> generate all possible records and pass them
> on for filtering. This is much less efficient
> than having the kernel filter records that
> are known to be uninteresting. Filtering
> must be done at a place where sufficient
> information is available to make the choice,
> and that means it must be done in the kernel
> or that all possible filtering criteria must
> be passed on.
Right, and such filtering already exists in the kernel and is mostly,
if not completely, sufficient to meet this goal. What I was getting
at is that there may be a desire to do additional filtering that goes
above and beyond what the kernel is capable of doing. Thus. this is
one reason why the audit daemon and not the kernel, should be used to
write out to the actual log file.
<snip>
> =====
> Casey Schaufler
> casey at schaufler-ca.com
>
> __________________________________
> Do you Yahoo!?
> Meet the all-new My Yahoo! - Try it today!
> http://my.yahoo.com
>
>
--
- Timothy R. Chavez
More information about the Linux-audit
mailing list