[PATCH] Reporting file descriptors and exec args
John D. Ramsdell
ramsdell at mitre.org
Thu Sep 14 09:38:45 UTC 2006
I withdraw the previously submitted kernel patch. In addition to the
errors already pointed out on this list, the patch was produced
several months ago, and the kernel has changed since then. In
addition, the audit records for execve and open in the latest kernel
already includes the information of interest. From the perspective of
polgen, all that is currently missing is the file descriptors created
by the pipe and socketpair system calls, and we'll be back with just
that patch once it's properly prepared.
I have been relying on others to create kernel patches, and neglected
to familiarize myself with the accepted practice for submitting
patches. I will ensure that future patches follow the rules.
John
More information about the Linux-audit
mailing list