[RFC][PATCH 1/2] (#6 U2) filesystem auditing

Timothy R. Chavez tinytim at us.ibm.com
Tue Mar 29 15:38:30 UTC 2005


On Tuesday 29 March 2005 08:34 am, Steve Grubb wrote:
> On Monday 28 March 2005 20:54, Timothy R. Chavez wrote:
> > + Added AUDIT_WATCH_LST support
>
> Why not LIST instead of LST?
>
> > + Added AUDIT_WATCH_ERR support - generic channel to send messages about
> > watch actions to userspace; convert audit_receive_watch() to use this
>
> I disagree with this whole approach. You should not create your own message
> call back. You should use the same one that every other packet type uses.
> Please just return the error back to audit_receive_msg. It should either
> return the error code directly or catch the error code in err. You do not
> need a type in the error message either. That should be readily apparent.
> If I'm inserting a rule, I should know the error was related to insert.

I can change this.  Easy enough.  This will reduce the reply code for 
insert/delete for 0.6.9 too and eliminate a macro.

>
> Was audit_receive_msg not returning an error message?

No, it can return one.  I just wanted to put some additional context around
that error message.

>
> Thanks,
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit

-- 
-tim



