[PATCH] cleanup audit name handling
Amy Griffis
amy.griffis at hp.com
Tue Nov 29 23:44:36 UTC 2005
On Tue, Nov 29, 2005 at 06:19:48PM -0500, Linda Knippers wrote:
> In the case of an audit record, wouldn't it be important to
> distinguish between a file name of "(null)" and a null file name?
I'd say so.
In the patch, I omitted the "name" field in the record when there is
no associated name.
> I'm not sure how we get a null file name but if we can get a null
> file name, I think the audit record should be accurate.
Syscalls like fchmod and fchown have no assocated name because there
is no path_lookup().
> Amy, how did you notice this?
Just code review.
Steve Grubb wrote:
> > Not sure this is better. This patch causes the output to end with
> > =. Which makes people think that the software malfunctioned on
> > output.
This is in the debug output, which should only be seen by developers.
I doubt this would be too confusing to a dev, but I'm not set on it.
The audit record is what I'm concerned about.
Amy
More information about the Linux-audit
mailing list