[PATCH] Reporting file descriptors created by pipe and socketpair
Steve Grubb
sgrubb at redhat.com
Tue Sep 12 17:41:55 UTC 2006
On Tuesday 12 September 2006 12:21, Alexander Viro wrote:
> c) just how do you propose to do "tracking file descriptors"? It's
> so trivial to confuse that it's not even funny; pass an SCM_RIGHTS
> datagram to yourself and watch that code blow chunks.
So, what would be a good way to let them see the file descriptors created by
these two syscalls? The can get the info for socket, open, accept, ... but
these two are difficult to get at the information.
This might be better as an aux record instead of part of the syscall record
where the field is meaningless for 99.99% of the syscalls.
-Steve
More information about the Linux-audit
mailing list