auditctl behavior

Steve Grubb sgrubb at redhat.com
Wed Jun 22 11:03:52 UTC 2005

Previous message (by thread): auditctl behavior
Next message (by thread): audit 0.9.11 released
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 22 June 2005 02:58, you wrote:
> Could I have done this differently in the kernel to make it easier?

Not really. I use the ack flag for positive confirmation. When the new thread 
is spawned, the original returns and sends the ack. Before, the ack would 
come at the end.  Its fixed now.

> You also get a marker at the end of the list, right?

Yes. NLMSG_DONE.

-Steve

Previous message (by thread): auditctl behavior
Next message (by thread): audit 0.9.11 released
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list