key in syscall audit rules.
Steve Grubb
sgrubb at redhat.com
Tue May 17 17:49:57 UTC 2005
On Tuesday 17 May 2005 13:06, David Woodhouse wrote:
> I'm building an audit.40 with this in. Steve, does it look OK to you?
General comment, should you use uint32_t or __u32 ?
I looked through the patch. I see what you are doing, but its not quite the
same as we have in file system audit. The key is a text string that that gets
printed when an audit event gets logged.
I would imagine it to be a string that is 32 bytes long (use the same define
so we have symmetry), that would live in the audit_rule structure. The "case
AUDIT_KEY" that was in the audit_filter_rules function shouldn't be there.
Does this make sense? I think we want it to act just like the one in
filesystem audit.
-Steve
More information about the Linux-audit
mailing list