[PATCH] cleanups + fixes against audit.56
Steve Grubb
sgrubb at redhat.com
Wed Jun 15 20:06:59 UTC 2005
On Wednesday 15 June 2005 15:56, Timothy R. Chavez wrote:
> 4. PATH record woes... add a new token stating "I'm the parent of the file
> or I'm the file"
If we are required to emit a record for the file and you add a label saying
its the directory...don't we still need to dig up the file's attributes? I
think labeling it makes the mode clear to what it belongs to, but the intent
was to provide a record with the *correct* attributes for the object. I
think that in the case where we have a mismatch, the code needs to go dig up
the correct mode of the file instead of "getting it for free".
-Steve
More information about the Linux-audit
mailing list