syscall filtering on personality

Debora Velarde dvelarde at us.ibm.com
Tue Mar 8 21:13:44 UTC 2005

Before we decide to use the pers flag for this, I want to understand
personality more.
I added an additional
      printf("Personality: %ld\n", personality(0xffffffff));
statement in the test case before you make the call
      personality(0x08);

Before you explicitly set personality to 8 in the test, personality is
always=0 whether you compile the test in 64bit or 32bit mode.
Is that the expected behavior?  Can you not tell from personality if
something was compiled in 32bit vs 64bit mode?

-debbie

Steve Grubb <sgrubb at redhat.com>
Sent by: linux-audit-bounces at redhat.com
03/08/2005 02:34 PM
Please respond to: Linux Audit Discussion
To: Linux Audit Discussion <linux-audit at redhat.com>
cc:
Subject: Re: syscall filtering on personality

On Tuesday 08 March 2005 15:18, Debora Velarde wrote:
> So it looks like, if you add a syscall by name to auditctl, it always adds
> only the rule for the 64bit syscall number.

Actually, this should be the syscall number that auditctl was compiled with.

> Should auditctl add both?

I don't think so. How does it know what personalities you want to watch?

> Or should auditctl use the pers flag to figure out which syscall number to
> add?

How about we make pers take a list? This could be implemented one of 2 ways.
auditctl can generate a rule for each personality. Or with some changes in
the kernel, we can make personality act more like a bit mask so that we don't
have to load as many rules in the kernel.

Userspace can generate a mask or separate rules. Any preferences?

-Steve
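
The "one rule per personality" option discussed above, sketched as an added example that is not part of the original thread and is not auditctl code. The rule struct, the function names and the three-entry syscall table (x86_64 and i386 numbers) are constructed for illustration, and it assumes, as the thread's test does, that a 32-bit caller runs with personality 0x08.

```c
/* Added example: expand a syscall named in a rule into one rule per
 * personality, then check which events the resulting rule set matches. */
#include <stdio.h>
#include <string.h>

#define PER_LINUX   0x0000   /* values as in <linux/personality.h> */
#define PER_LINUX32 0x0008

struct rule { unsigned pers; int nr; };   /* hypothetical: personality + syscall number */

/* Constructed table: x86_64 and i386 numbers for three syscalls. */
static const struct { const char *name; int nr64, nr32; } tbl[] = {
    { "open", 2, 5 }, { "unlink", 87, 10 }, { "chmod", 90, 15 },
};

/* Syscall number of `name` under personality `pers`, or -1 if unknown. */
int syscall_nr(const char *name, unsigned pers)
{
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (strcmp(tbl[i].name, name) == 0) {
            if (pers == PER_LINUX)   return tbl[i].nr64;
            if (pers == PER_LINUX32) return tbl[i].nr32;
        }
    return -1;
}

/* Write one rule per listed personality; returns rule count, -1 on error. */
int expand(const char *name, const unsigned *pers, int n, struct rule *out)
{
    for (int i = 0; i < n; i++) {
        int nr = syscall_nr(name, pers[i]);
        if (nr < 0) return -1;
        out[i].pers = pers[i];
        out[i].nr = nr;
    }
    return n;
}

/* Does any rule match an event with this personality and syscall number? */
int matches(const struct rule *r, int n, unsigned pers, int nr)
{
    for (int i = 0; i < n; i++)
        if (r[i].pers == pers && r[i].nr == nr) return 1;
    return 0;
}

int main(void)
{
    unsigned list[] = { PER_LINUX, PER_LINUX32 };
    struct rule r[2];
    int n = expand("open", list, 2, r);
    printf("rules=%d, 32-bit open matched=%d\n", n, matches(r, n, PER_LINUX32, 5));
    return 0;
}
```

With only PER_LINUX in the list, the same 32-bit open event goes unmatched, which is the coverage gap a rule carrying a single syscall number leaves.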
