[PATCH] Audit of POSIX Message Queue Syscalls
Steve Grubb
sgrubb at redhat.com
Wed May 17 18:11:33 UTC 2006
On Wednesday 17 May 2006 12:39, Amy Griffis wrote:
> Looking through the code, I see that audit_getname, audit_inode and
> friends do both checks, while the other aux data collectors only check
> !context. Looks like someone should add the second check for those
> also (except maybe audit_avc_path).
I think this was going to be done when the hook functions were changed to an
inline function that checks if audit is enabled before doing the real
function call.
> IIRC, we want the avc path records even when syscall auditing is disabled.
True.
-Steve
More information about the Linux-audit
mailing list