key in syscall audit rules.
David Woodhouse
dwmw2 at infradead.org
Tue May 17 20:38:34 UTC 2005
On Tue, 2005-05-17 at 13:49 -0400, Steve Grubb wrote:
> General comment, should you use uint32_t or __u32 ?
uint32_t is the C99 standard type.
> I looked through the patch. I see what you are doing, but it's not quite the
> same as we have in file system audit. The key is a text string that gets
> printed when an audit event gets logged.
That would be hard to introduce into audit rules without breaking binary
compatibility. The way it's done, you have 4 milliard possible keys for
syscall auditing rules. Do you really think that's insufficient?
--
dwmw2