[RFC][PATCH] collect security labels on user processes generating audit messages
Steve Grubb
sgrubb at redhat.com
Wed Feb 15 21:33:10 UTC 2006
On Wednesday 15 February 2006 15:06, Stephen Smalley wrote:
> Yes, audit_log_untrustedstring could check for the <NULL> string or
> whatever is used.
That's what I'm leaning towards at the moment.
> But Steve indicated that file names are already being
> quoted, so they can be distinguished as is.
I was checking and I think it was the way Linda created the file caused the
results she posted. Using "touch \(null\)" yielded identical results.
-Steve
More information about the Linux-audit
mailing list