[PATCH] Rework of IPC auditing
Amy Griffis
amy.griffis at hp.com
Tue Mar 14 21:49:12 UTC 2006
On Fri, Mar 10, 2006 at 01:25:19PM -0600, Dustin Kirkland wrote:
> The audit_ipc_new_perm() function is called any time the permissions on
> the ipc object change. In this case, the NEW permissions are recorded
> (and note that an audit_ipc_obj() call exists just a few lines before
> each instance).

Thanks, this resolves my issue with the ambiguity around the perm
fields.

> I think at this point this patch is ready for inclusion in our LSPP
> kernels and some testing.

Yes, my only question is whether we will see any duplicate AUDIT_IPC
records for a given operation. I haven't followed all the code paths
to see whether this would happen or not.

> I have a couple of questions that remain:
> - I'd like to run these changes carefully by someone very familiar with
> the Linux ipc code. There are some strange nuances between msg.c,
> sem.c, and shm.c that I'd like to make sure are interpreted correctly.
> Al, is this your area?

You might try Manfred Spraul or Alan Cox.

> - There are a couple of warnings that have been in the ipc compilations
> for some time now about possibly using setbuf.* before initialization.
> I'm wondering if anyone thinks these compiler warnings are founded and
> if anyone has suggestions to silence them?

I don't see those warnings in my build.

Regards,
Amy